Re: Client cert authentication
Thanks again Mark,

I think it will be difficult to move to Tomcat 6 soon. If I change mod_proxy to mod_jk, does mod_jk pass the client cert to Tomcat 5.5?

Thank you,
Andre

Mark Thomas wrote:
> On 22/04/2010 20:00, acastanheira2001 wrote:
>> Thanks Mark,
>>
>> I use mod_proxy (ProxyPass and ProxyReverse) to connect Apache (2.2.3) to Tomcat(5.5)/Jboss (4.2). Can mod_proxy pass client cert to Tomcat?
>
> With 5.5.x, not without some custom code. With 6.0.x, yes.
>
> You'd need to port this to Tomcat 5:
> http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/valves/SSLValve.java?view=annotate
>
> Mark

--
View this message in context: http://old.nabble.com/Client-cert-authentication-tp28287654p28364194.html
Sent from the Tomcat - User mailing list archive at Nabble.com.

To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
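Added example, not part of the original thread and not Tomcat's SSLValve code: a servlet filter that could hand Tomcat 5.5 the forwarded certificate when Apache proxies over plain HTTP, so that code reading the javax.servlet.request.X509Certificate attribute finds it. The class name, the SSL_CLIENT_CERT header name, the RequestHeader directive in the comment and the proxyAddress init parameter are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;

/** Added example: exposes the client certificate that Apache forwards in a header. */
public class ForwardedClientCertFilter implements Filter {
    // Assumed header; Apache must set it itself so a client-supplied value is replaced:
    //   RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"
    private static final String HEADER = "SSL_CLIENT_CERT";
    private static final String BEGIN = "-----BEGIN CERTIFICATE-----";
    private static final String END = "-----END CERTIFICATE-----";
    private String proxyAddress = "127.0.0.1"; // assumed: Apache runs on the same host

    public void init(FilterConfig cfg) {
        String p = cfg.getInitParameter("proxyAddress"); // hypothetical init-param
        if (p != null) proxyAddress = p;
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        String value = ((HttpServletRequest) req).getHeader(HEADER);
        // Honour the header only on connections made by the proxy itself.
        if (value != null && value.indexOf(BEGIN) >= 0 && proxyAddress.equals(req.getRemoteAddr())) {
            try {
                req.setAttribute("javax.servlet.request.X509Certificate",
                        new X509Certificate[] { parse(value) });
            } catch (CertificateException e) {
                throw new ServletException("Unparseable forwarded client certificate", e);
            }
        }
        chain.doFilter(req, res);
    }

    /** The PEM text arrives on one line with spaces for line breaks; restore and parse it. */
    static X509Certificate parse(String value) throws CertificateException, IOException {
        int start = value.indexOf(BEGIN), end = value.indexOf(END);
        if (start < 0 || end < start) throw new CertificateException("No PEM markers");
        String body = value.substring(start + BEGIN.length(), end).trim().replace(' ', '\n');
        String pem = BEGIN + "\n" + body + "\n" + END + "\n";
        return (X509Certificate) CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream(pem.getBytes("US-ASCII")));
    }

    public void destroy() { }
}
```

With the filter mapped in web.xml, the application can call getSubjectAlternativeNames() on the first certificate in the attribute. Because the header is trusted as received, Tomcat's HTTP connector should accept connections only from Apache.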
Re: Client cert authentication
Thanks Mark,

I use mod_proxy (ProxyPass and ProxyReverse) to connect Apache (2.2.3) to Tomcat(5.5)/Jboss (4.2). Can mod_proxy pass client cert to Tomcat?

I use the following code to get the client cert, but certs object is null:

    public void verificaCertCliente(HttpServletRequest req) throws ServletException {
        X509Certificate[] certs = (X509Certificate[])
                req.getAttribute("javax.servlet.request.X509Certificate");
        if (certs != null) {
            for (int i = 0; i < certs.length; i++) {
                // Build each message locally; the posted code indexed into a null String[]
                String mensagem = "Client Certificate [" + i + "] = " + certs[i].toString();
                log.info(mensagem);
            }
        } else {
            if ("https".equals(req.getScheme())) {
                log.info("This was an HTTPS request, " + "but no client certificate is available");
            } else {
                log.info("This was not an HTTPS request, " + "so no client certificate is available");
            }
        }
    }

Thanks in advance for your attention.

markt-2 wrote:
> On 19/04/2010 13:05, acastanheira2001 wrote:
>> Hi,
>>
>> I have an apache server in front of Tomcat/Jboss, the former receives the client cert and does revocation list and trust validation.
>>
>> I need to pass the client cert to Tomcat only to check the SubjectAltNames.
>>
>> As far as trust accreditation is done by apache, does Tomcat need to have a keystore and https set?
>
> No.
>
> Mark

--
View this message in context: http://old.nabble.com/Client-cert-authentication-tp28287654p28333274.html
Client cert authentication
Hi,

I have an apache server in front of Tomcat/Jboss, the former receives the client cert and does revocation list and trust validation.

I need to pass the client cert to Tomcat only to check the SubjectAltNames.

As far as trust accreditation is done by apache, does Tomcat need to have a keystore and https set?

Thanks,
André

--
View this message in context: http://old.nabble.com/Client-cert-authentication-tp28287654p28287654.html
Re: How to hide x-poweredBY response header
Mark,

Could you tell me what Tomcat doc is?

Thanks for your attention,
Andre

Mark Thomas-18 wrote:
> acastanheira2001 wrote:
>> Hi,
>>
>> Although I've set false to xpoweredBy tag, it continues to appear in response headers.
>>
>> <init-param>
>>     <param-name>xpoweredBy</param-name>
>>     <param-value>false</param-value>
>> </init-param>
>
> Where did you read that was the way to set it? That isn't what the Tomcat docs say.
>
>> How to hide the following information?
>>
>> X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA_CP02 (build: SVNTag=JBPAPP_4_2_0_GA_CP02 date=200801291544)/Tomcat-5.5
>
> But given you are using JBoss, it could be completely different.
>
> Mark

--
View this message in context: http://www.nabble.com/How-to-hide-x-poweredBY-response-header-tp24796578p24807658.html
Re: How to hide x-poweredBY response header
Folks,

My conf/web.xml config is:

    <!-- == Common filter Configuration -->
    <filter>
        <filter-name>CommonHeadersFilter</filter-name>
        <filter-class>org.jboss.web.tomcat.filters.ReplyHeaderFilter</filter-class>
        <init-param>
            <param-name>X-Powered-By</param-name>
            <param-value>Servlet 2.4; JBoss-4.2.0.GA_CP02 (build: SVNTag=JBPAPP_4_2_0_GA_CP02 date=200801291544)/Tomcat-5.5</param-value>
        </init-param>
    </filter>
    ...
    <!-- The JSP page compiler and execution servlet, which is the mechanism -->
    <!-- used by Tomcat to support JSP pages. Traditionally, this servlet -->
    <!-- is mapped to the URL pattern *.jsp. This servlet supports the -->
    <!-- following initialization parameters (default values are in square -->
    <!-- brackets): -->
    <!-- xpoweredBy Determines whether X-Powered-By response -->
    <!-- header is added by generated servlet [false] -->
    <servlet>
        <servlet-name>jsp</servlet-name>
        <servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>
        <init-param>
            <param-name>fork</param-name>
            <param-value>false</param-value>
        </init-param>
        <init-param>
            <param-name>xpoweredBy</param-name>
            <param-value>false</param-value>
        </init-param>

As we can see, xpoweredBy is set to false.

Another config in server.xml:

    <!-- A Connector represents an endpoint by which requests are received
         and responses are returned. Documentation at :
         Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
         Java AJP Connector: /docs/config/ajp.html
         APR (HTTP/AJP) Connector: /docs/apr.html
         Define a non-SSL HTTP/1.1 Connector on port 8080
    -->
    <Connector port="8080" address="${jboss.bind.address}"
        maxThreads="250" maxHttpHeaderSize="8192"
        emptySessionPath="true" protocol="HTTP/1.1"
        enableLookups="false" redirectPort="8443" acceptCount="100"
        connectionTimeout="2" disableUploadTimeout="true" />

The http://tomcat.apache.org/tomcat-6.0-doc/config/http.html says xpoweredBy has default false.

Any ideas appreciated.

Thanks,
André

Tim Funk-2 wrote:
> See conf/web.xml in your tomcat installation (and look for xpoweredBy in the comments) - if that doesn't exist - then you'll need to consult the JBOSS docs since they configure it in a different manner.
>
> -Tim
>
> acastanheira2001 wrote:
>> Mark,
>>
>> Could you tell me what Tomcat doc is?
>>
>> Thanks for your attention,
>> Andre
>>
>> Mark Thomas-18 wrote:
>>> acastanheira2001 wrote:
>>>> Hi,
>>>>
>>>> Although I've set false to xpoweredBy tag, it continues to appear in response headers.
>>>>
>>>> <init-param>
>>>>     <param-name>xpoweredBy</param-name>
>>>>     <param-value>false</param-value>
>>>> </init-param>
>>>
>>> Where did you read that was the way to set it? That isn't what the Tomcat docs say.
>>>
>>>> How to hide the following information?
>>>>
>>>> X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA_CP02 (build: SVNTag=JBPAPP_4_2_0_GA_CP02 date=200801291544)/Tomcat-5.5
>>>
>>> But given you are using JBoss, it could be completely different.

--
View this message in context: http://www.nabble.com/How-to-hide-x-poweredBY-response-header-tp24796578p24810405.html
How to hide x-poweredBY response header
Hi,

Although I've set false to xpoweredBy tag, it continues to appear in response headers.

    <init-param>
        <param-name>xpoweredBy</param-name>
        <param-value>false</param-value>
    </init-param>

How to hide the following information?

X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA_CP02 (build: SVNTag=JBPAPP_4_2_0_GA_CP02 date=200801291544)/Tomcat-5.5

Thanks,
Andre

--
View this message in context: http://www.nabble.com/How-to-hide-x-poweredBY-response-header-tp24796578p24796578.html
useHttpOnly - how to?
Hi,

I've set useHttpOnly=true in /opt/jboss/server/myserver/deploy/jboss-web.deployer/context.xml.

    <Context cookies="true" crossContext="true" useHttpOnly="true">
    </Context>

But the cookie continues to respond to javascript commands.

Any ideas appreciated.

Thanks,
Andre

X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA_CP02 (build: SVNTag=JBPAPP_4_2_0_GA_CP02 date=200801291544)/Tomcat-5.5

--
View this message in context: http://www.nabble.com/useHttpOnly---how-to--tp24518467p24518467.html
Re: useHttpOnly - how to?
Thanks for your reply.

It appears on http://tomcat.apache.org/tomcat-6.0-doc/config/context.html but not in http://tomcat.apache.org/tomcat-5.5-doc/config/context.html.

Andre

Konstantin Kolinko wrote:
>> X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA_CP02 (build: SVNTag=JBPAPP_4_2_0_GA_CP02 date=200801291544)/Tomcat-5.5
>
> There is a build date in the above header. useHttpOnly is a recent feature. It was not implemented back in January 2008.
>
> Also, that JBoss version is using Tomcat 5.5.
>
> For 5.5 branch it will be in Tomcat 5.5.28 (not yet released). For 6.0 it is available since 6.0.20 release. (or 6.0.19, but that version was not released)
>
> Best regards,
> Konstantin Kolinko

--
View this message in context: http://www.nabble.com/useHttpOnly---how-to--tp24518467p24521714.html
How to use the error page config of Apache in tomcat?
Hi,

Apache has an internationalized error page system configured on errors.conf.

I use apache and tomcat on the same machine, so I would like tomcat to use the same error page config.

Any ideas?

Thanks,
Andre

--
View this message in context: http://www.nabble.com/How-to-use-the-error-page-config-of-Apache-in-tomcat--tp24460442p24460442.html