Turning on debugging in Tomcat 5.5

2005-10-06 Thread James Rome
Most of the installed Tomcat classes have something like
container.isDebugEnabled() {...}

How do I enable these debug statements in Tomcat 5.5?

Thanks,
Jim


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Certificate authentication

2005-10-04 Thread James Rome
I have looked at the source code and it seems to me that presented
client certificates are only checked for their validity dates, and NOT
for whether they have been revoked. I am able to access my Tomcat site
with a revoked certificate.

It is easy to implement OCSP and/or CRL checking, so I implemented an
X509Realm that extends BasicRealm. I overrode all of the authenticate()
methods, but they are never called when I access my site. I put my realm
in the Engine and require CLIENT-CERTS in the site Context.

Why don't my methods get called? The start() method gets called, but
nothing else.

Jim Rome




Realms and certificates

2005-09-28 Thread James Rome
None of the standard realms do certificates properly. For example,
o.a.c.authenticator.SSLAuthenticator.java does not check to see if a
certificate has been revoked. The LDAP realm compares the presented
certificate to the one in the LDAP which puts a burden on the LDAP to
unpublish revoked certificates. This is also rather unnecessary because
given the CA certificate and the OCSP address, any presented
certificate can be authenticated properly.

So I wrote my own Realm by extending RealmBase and modifying the public
Principal authenticate(X509Certificate certs[]) method.
I put this realm inside the Engine tag and commented out the
userdatabase realm. But, so far as I can tell, my authenticate method is
never called. Print statements (using the 5.5 log techniques) only
appear from the start() method, never from authenticate(). And I can get
in with revoked client certificates.

Does anyone have an idea of what is happening? How can I debug this?

Thanks,
Jim Rome
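
The revocation check that this post and the "Certificate authentication" post describe as missing can be done with the JDK's own PKIX validator. The following is an added example, not code from the posts or from Tomcat. The class name is hypothetical, and it assumes the Sun/OpenJDK PKIX provider, with the OCSP responder address taken from each certificate's Authority Information Access extension.

```java
import java.security.GeneralSecurityException;
import java.security.Security;
import java.security.cert.*;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

/** Hypothetical helper (name is an assumption): PKIX validation with revocation checking. */
public final class RevocationCheckingValidator {
    private final X509Certificate caCert;
    private final PKIXParameters params;

    /** @param caCert CA certificate that issues the client certificates (the trust anchor) */
    public RevocationCheckingValidator(X509Certificate caCert) throws GeneralSecurityException {
        this.caCert = caCert;
        params = new PKIXParameters(Collections.singleton(new TrustAnchor(caCert, null)));
        params.setRevocationEnabled(true);   // a revoked certificate fails validation
        // JVM-wide switches of the Sun/OpenJDK provider: query OCSP, and allow CRLs
        // to be fetched from the CRL Distribution Points extension.
        Security.setProperty("ocsp.enable", "true");
        System.setProperty("com.sun.security.enableCRLDP", "true");
    }

    /**
     * @param chain client chain as delivered by the TLS layer, leaf certificate first
     * @return true only if the chain leads to the CA, is inside its validity dates,
     *         and no certificate in it is reported as revoked
     */
    public boolean isAcceptable(X509Certificate[] chain) throws GeneralSecurityException {
        List<X509Certificate> certs = new ArrayList<>();
        if (chain != null) {
            for (X509Certificate c : chain) {
                if (!c.equals(caCert)) {     // a CertPath must not contain the trust anchor
                    certs.add(c);
                }
            }
        }
        if (certs.isEmpty()) {
            return false;                    // nothing to validate: reject
        }
        CertPath path = CertificateFactory.getInstance("X.509").generateCertPath(certs);
        try {
            CertPathValidator.getInstance("PKIX").validate(path, params);
            return true;
        } catch (CertPathValidatorException e) {
            return false;                    // expired, untrusted, revoked, or status unknown
        }
    }
}
```

A custom realm would call `isAcceptable()` on the certificate array it receives and return no Principal when the result is false.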




SSL error -12229

2003-11-03 Thread James Rome
I have installed Tomcat5 on Solaris in the Sun jwdsp-1.3. I created the 
certificates as per the instructions in the server.xml file, and 
uncommented the ssl server section. But when I try to connect to it, 
after the server presents me with its certificate, I get error -12229.

What is wrong?
