Re: SSL not working on Tomcat
Hi, According to you, one of the steps that you did was , I downloaded their root cert, imported it, converted their cert to DER format (on a separate Linux box), and imported it into the keystore. You seem to be running your application on a windows box. Can that be the reason why your key is not working properly ? Thanks Dhiraj Ramakrishnan On 11/8/06, Caldarale, Charles R [EMAIL PROTECTED] wrote: From: Michael Casale [mailto:[EMAIL PROTECTED] Subject: SSL not working on Tomcat I'm struggling through setting up Tomcat with SSL on a Windows 2003 server, and even when I get the server running, with no errors in the logs when restarting the tomcat service, all I get is a Page Not Found error when I point to the ssl port on the server. Depending on how you installed Tomcat, you may have also gotten the native connector, aka APR. Its SSL configuration is different from the traditional Tomcat connector. Look here for details: http://tomcat.apache.org/tomcat-5.5-doc/apr.html Regardless, you probably want to move up to a more recent level. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat Context
Hi , How is the url mapping for the servlet in the web.xml? it should not include /myContext in the url mapping. The servlet url mapping in the web.xml should only be for /somePath/MyServlet What do you get when you just type in https://localhost:8443/myContextPath ? Hope that helps .. bye Dhiraj On 8/16/06, Bala Paranj [EMAIL PROTECTED] wrote: I changed the context to : Context path=/myContextPath appBase= docBase=C:\Program Files\jboss-4.0.4.GA\server\default\deploy debug=99 reloadable=false /Context When I run the client, I get: Marking servlet MySeiServlet as unavailable? in the JBoss console. The client gets the error message: Server returned HTTP response code: 500 for URL: https://localhost:8443/myContextPath/somePath/MyServlet Does anyone know how to get this working? TIA.
Re: JDBCRealm with Simple Servlet Filter
Hi , Thanks for the replies, really appreciate that. I am using BASIC because i am authenticating webservice calls. I already have FORM for a sister application which provides web based access. I want to log authentication failures. Is the only option i have is overwrite BASICAuthenticator under TOMCAT because i will have the access to request and response at that stage and i will know if the user is authenticated or not ? I tried to add a JDBC access valve to TOMCAT but the problem was i had no way of knowing if the user is authenticated when the access details are getting logged in the database. Please let me know if you have any other ideas Thanks Dhiraj Ramakrishnan On 8/11/06, David Smith [EMAIL PROTECTED] wrote: A little googling confirmed my earlier suspicion. The 401 response contains the error page. This is why you can't redirect a 401 error like a 404 or other error responses. -David Pid wrote: If you're using a JDBC realm then you are using Tomcats authentication, which operates at a higher level than Filters and Servlets, so you can't insert anything into the chain there. With Basic Auth, the browser does the submission of credentials, based on the error codes that the server sends. So when it fails, the server sends a 403 or something. If you want to control the pages the user sees, you're probably better off configuring FORM Auth, instead of BASIC. It allows you to specify a page/servlet for the login form, and a page/servlet for the login error page. pid David Smith wrote: I believe in BASIC auth, the client already has the auth failed page during authentication. Once authentication fails, that page is displayed. Short of the images and other resources the error page needs, there is not another request to the server hence no filter call. --David Dhiraj Ramakrishnan wrote: Hello, I have configured a SimpleServletFilter to act as my authentication filter, i want it to do certain things after the authentication has failed. My application is being authenticated using a TOMCAT JDBC Realm. The authentication scheme is BASIC. I noticed that the filter is being called after the authentication is done, that is only if it is a valid user the filter is being called. The filter is not called at all in case the authentication has failed. Any ideas on this problem will be much appreciated. Thanks Dhiraj Ramakrishnan - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
JDBCRealm with Simple Servlet Filter
Hello, I have configured a SimpleServletFilter to act as my authentication filter, i want it to do certain things after the authentication has failed. My application is being authenticated using a TOMCAT JDBC Realm. The authentication scheme is BASIC. I noticed that the filter is being called after the authentication is done, that is only if it is a valid user the filter is being called. The filter is not called at all in case the authentication has failed. Any ideas on this problem will be much appreciated. Thanks Dhiraj Ramakrishnan
401 Page not getting displayed on failed BASIC authentication
Hello, I am facing a problem with BASIC authentication. On failure of authentication i want the application to go to a servlet where i can find out who failed authentication and log the results in the database. In my web.xml i have mentioned that on 401 error , the application should go to my servlet. But tomcat is not behaving that way it does not go to my servlet, it just goes to the default 401 error page. Another thing i found was that in my web.xml i have mentioned that my servlet is without any security constraint. TOMCAT does not seem to recognize this. If i try to access my servlet with the full path, the servlet is shown only after the BASIC authentication. My web.xml condensed, error-page error-code401/error-code location/unsecured/UnAuthenticatedErrorServlet/location /error-page security-constraint web-resource-collection web-resource-name API/web-resource-name descriptionAccess to the API/description url-pattern/services/*/url-pattern http-methodGET/http-method http-methodPOST/http-method /web-resource-collection auth-constraint descriptionThese roles are allowed access/description role-nameIPMS_SYSTEM_ADMINISTRATOR/role-name role-nameUSER_ADMINISTRATOR/role-name /auth-constraint /security-constraint !-- Using basic authentication -- login-config auth-methodBASIC/auth-method realm-nameMYRealm/realm-name /login-config i try to access http://localhost:8080/services/ it shows up the dialogue box but if the authentication is failed it goes to the default tomcat 401 page. i try to access http://localhost:8080/unsecured/ UnAuthenticatedErrorServlet it still shows up the dialogue box though i have explicitly stated that it shouldnot authenticate for this URL Please let me know your ideas on this. Any other suggestions are also welcome. Thanks Dhiraj Ramakrishnan
Can we set the User Principal to another user once a user has been logged in?
Hi, I know the requirement looks a little suspicious but they are valid, The requirements , 1. A user 'SUPERUSER', who can mimic the activities of any user in the system. 2. So 'SUPERUSER' will log in and then pass in a request saying that he wants to impersonate user 'X' 3. Now 'SUPERUSER' will only have all the roles associated with user 'X' 4. When 'SUPERUSER' tries to impersonate 'X' , 'SUPERUSER' has already been authenticated, so i should not ask for X's password from 'SUPERUSER'. Is it possible to have such a behaviour within TOMCAT ? One of the easiest ways is to subsitute the user principal with 'X' once such a request for impersonation comes in. What are the other ways in which i could induce such a behaviour ? Thanks Regards, Dhiraj Ramakrishnan
Can we set the User Principal to another user once a user has been logged in??
HI,