Re: Client cert authentication
Thanks again Mark, I think it will be difficult to move to Tomcat 6 soon. If I change mod_proxy to mod_jk, does mod_jk passes the client cert to Tomcat 5.5? Thank you, Andre Mark Thomas wrote: On 22/04/2010 20:00, acastanheira2001 wrote: Thanks Mark, I use mod_proxy (ProxyPass and ProxyReverse) to connect Apache (2.2.3) to Tomcat(5.5)/Jboss (4.2). Can mod_proxy pass client cert to Tomcat? With 5.5.x, not with out some custom code. With 6.0.x, yes. You'd need to port this to Tomcat 5: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/valves/SSLValve.java?view=annotate Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- View this message in context: http://old.nabble.com/Client-cert-authentication-tp28287654p28364194.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Client cert authentication
Thanks Mark,
I use mod_proxy (ProxyPass and ProxyReverse) to connect Apache (2.2.3) to
Tomcat(5.5)/Jboss (4.2). Can mod_proxy pass client cert to Tomcat?
I use the following code to get the client cert, but certs object is null:
public void verificaCertCliente(HttpServletRequest req) throws
ServletException
{
String[] mensagem = null;
X509Certificate[] certs = (X509Certificate[])
req.getAttribute(javax.servlet.request.X509Certificate);
if (certs != null) {
for (int i = 0; i certs.length; i++) {
mensagem[i] = (Client Certificate [ + i + ] = +
certs[i].toString());
log.info(mensagem[i]);
}
} else {
if (https.equals(req.getScheme())) {
log.info(This was an HTTPS request, + but no client certificate is
available);
} else {
log.info(This was not an HTTPS request, + so no client certificate
is available);
}
}
}
Thanks in advance for your attention.
markt-2 wrote:
On 19/04/2010 13:05, acastanheira2001 wrote:
Hi,
I have an apache server in front of Tomcat/Jboss, the former receives the
client cert and does revocation list and trust validation.
I need to pass the client cert to Tomcat only to check the
SubjectAltNames.
As far as trust accreditation is done by apache, does Tomcat need to have
a
keystore and https set?
No.
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
--
View this message in context:
http://old.nabble.com/Client-cert-authentication-tp28287654p28333274.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Client cert authentication
Hi, I have an apache server in front of Tomcat/Jboss, the former receives the client cert and does revocation list and trust validation. I need to pass the client cert to Tomcat only to check the SubjectAltNames. As far as trust accreditation is done by apache, does Tomcat need to have a keystore and https set? Thanks, André -- View this message in context: http://old.nabble.com/Client-cert-authentication-tp28287654p28287654.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How to hide x-poweredBY response header
Mark, Could you tell me what Tomcat doc is? Thanks for your atention, Andre Mark Thomas-18 wrote: acastanheira2001 wrote: Hi, Although I´ve set false to xpoweredBy tag, it continues to appear in response headers. init-param param-namexpoweredBy/param-name param-valuefalse/param-value /init-param Where did you read that was the way to set it? That isn't what the Tomcat docs say. How to hide the following information? X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA_CP02 (build: SVNTag=JBPAPP_4_2_0_GA_CP02 date=200801291544)/Tomcat-5.5 But given you are using JBoss, it could be completely different. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- View this message in context: http://www.nabble.com/How-to-hide-x-poweredBY-response-header-tp24796578p24807658.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How to hide x-poweredBY response header
Folks,
My conf/web.xml config is:
!-- == Common filter Configuration --
filter
filter-nameCommonHeadersFilter/filter-name
filter-classorg.jboss.web.tomcat.filters.ReplyHeaderFilter/filter-class
init-param
param-nameX-Powered-By/param-name
param-valueServlet 2.4; JBoss-4.2.0.GA_CP02 (build:
SVNTag=JBPAPP_4_2_0_GA_CP02 date=200801291544)/Tomcat-5.5/param-value
/init-param
/filter
...
!-- The JSP page compiler and execution servlet, which is the mechanism
--
!-- used by Tomcat to support JSP pages. Traditionally, this servlet
--
!-- is mapped to the URL pattern *.jsp. This servlet supports the
--
!-- following initialization parameters (default values are in square
--
!-- brackets):
--
!-- xpoweredBy Determines whether X-Powered-By response
--
!-- header is added by generated servlet [false]
--
servlet
servlet-namejsp/servlet-name
servlet-classorg.apache.jasper.servlet.JspServlet/servlet-class
init-param
param-namefork/param-name
param-valuefalse/param-value
/init-param
init-param
param-namexpoweredBy/param-name
param-valuefalse/param-value
/init-param
As we can see, xpoweredBy is set to false.
Another config in server.xml:
!-- A Connector represents an endpoint by which requests are received
and responses are returned. Documentation at :
Java HTTP Connector: /docs/config/http.html (blocking
non-blocking)
Java AJP Connector: /docs/config/ajp.html
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL HTTP/1.1 Connector on port 8080
--
Connector port=8080 address=${jboss.bind.address}
maxThreads=250 maxHttpHeaderSize=8192
emptySessionPath=true protocol=HTTP/1.1
enableLookups=false redirectPort=8443 acceptCount=100
connectionTimeout=2 disableUploadTimeout=true /
The http://tomcat.apache.org/tomcat-6.0-doc/config/http.html says
xpoweredBy has default false.
Any ideas appreciated.
Thanks,
André
Tim Funk-2 wrote:
See conf/web.xml in your tomcat installation (and look for xpoweredBy in
the comments) - if that doesn't exist - then you'll need to consult the
JBOSS docs since they configure it in a different manner.
-Tim
acastanheira2001 wrote:
Mark,
Could you tell me what Tomcat doc is?
Thanks for your atention,
Andre
Mark Thomas-18 wrote:
acastanheira2001 wrote:
Hi,
Although I´ve set false to xpoweredBy tag, it continues to appear in
response headers.
init-param
param-namexpoweredBy/param-name
param-valuefalse/param-value
/init-param
Where did you read that was the way to set it? That isn't what the
Tomcat docs say.
How to hide the following information?
X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA_CP02 (build:
SVNTag=JBPAPP_4_2_0_GA_CP02 date=200801291544)/Tomcat-5.5
But given you are using JBoss, it could be completely different.
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
--
View this message in context:
http://www.nabble.com/How-to-hide-x-poweredBY-response-header-tp24796578p24810405.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
How to hide x-poweredBY response header
Hi, Although I´ve set false to xpoweredBy tag, it continues to appear in response headers. init-param param-namexpoweredBy/param-name param-valuefalse/param-value /init-param How to hide the following information? X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA_CP02 (build: SVNTag=JBPAPP_4_2_0_GA_CP02 date=200801291544)/Tomcat-5.5 Thanks, Andre -- View this message in context: http://www.nabble.com/How-to-hide-x-poweredBY-response-header-tp24796578p24796578.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
useHttpOnly - how to?
Hi, I´ve set useHttpOnly=true in /opt/jboss/server/myserver/deploy/jboss-web.deployer/context.xml. Context cookies=true crossContext=true useHttpOnly=true /Context But the cookie continues to respond to javascript commands. Any ideas appreciated. Thanks, Andre X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA_CP02 (build: SVNTag=JBPAPP_4_2_0_GA_CP02 date=200801291544)/Tomcat-5.5 -- View this message in context: http://www.nabble.com/useHttpOnly---how-to--tp24518467p24518467.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: useHttpOnly - how to?
Thanks for your reply. It appears on http://tomcat.apache.org/tomcat-6.0-doc/config/context.html; but not in http://tomcat.apache.org/tomcat-5.5-doc/config/context.html;. Andre Konstantin Kolinko wrote: X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA_CP02 (build: SVNTag=JBPAPP_4_2_0_GA_CP02 date=200801291544)/Tomcat-5.5 There is a build date in the above header. useHttpOnly is a recent feature. It was not implemented back in January 2008. Also, that JBoss version is using Tomcat 5.5. For 5.5 branch it will be in Tomcat 5.5.28 (not yet released). For 6.0 it is available since 6.0.20 release. (or 6.0.19, but that version was not released) Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- View this message in context: http://www.nabble.com/useHttpOnly---how-to--tp24518467p24521714.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
How to use the error page config of Apache in tomcat?
Hi, Apache has an internationalized error page system configured on errors.conf. I use apache and tomcat on the same machine, so I would like that tomcat use the same error page config. Any ideas? Thanks, Andre -- View this message in context: http://www.nabble.com/How-to-use-the-error-page-config-of-Apache-in-tomcat--tp24460442p24460442.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
