Hi, I'm using JBoss 4.2.2.GA for a J2EE web application, running on a secured VPN. The application must all be SSL-enabled and the users accessing it must have a USB eToken Pro (with their client certificate on it). The application runs on Internet Explorer 7 (client requirement).

If the user removes the USB token the web application must not allow any other operation. If I run the application on Firefox 3, remove the token and then try to continue with the application, an error message appears:

    Secure Connection Failed
    PKCS#11 token was inserted or removed while operation was in progress.
    (Error code: ssl_error_token_insertion_removal)

Internet Explorer 7 doesn't have the same behavior if I remove the token. On IE7 the application behaves the same even if I remove the token.

Can someone give me some advice on how to configure this behavior on JBoss (when the user removes the token, the application must not be accessible anymore)? How can I enforce client certificate authentication not just at login time, but more frequently, so if the user removes the token the application must not be accessible anymore?

In Apache HTTP Server there is an option to configure the SSL Session Timeout, but I could not find this in JBoss AS (in embedded Tomcat):

    # SessionCache Timeout:
    # This directive sets the timeout in seconds for the information stored
    # in the global/inter-process SSL Session Cache. It can be set as low as
    # 15 for testing, but should be set to higher values like 300 in real life.
    SSLSessionCacheTimeout 30

The SSL Connector in JBoss is configured as follows:

    <!-- SSL/TLS Connector with encrypted keystore/truststore password configuration -->
    <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="true" strategy="ms"
               address="${jboss.bind.address}"
               sslProtocol="TLS"
               securityDomain="java:/jaas/security-domain"
               SSLImplementation="org.jboss.net.ssl.JBossImplementation" />

The JaasSecurityDomain MBean is configured like this:

    <server>
      <mbean code="org.jboss.security.plugins.JaasSecurityDomain"
             name="jboss.security:service=SecurityDomain">
        <constructor>
          <arg type="java.lang.String" value="security-domain"></arg>
        </constructor>
        <attribute name="KeyStoreURL">${jboss.server.home.dir}/conf/server.keystore</attribute>
        <attribute name="KeyStorePass">{CLASS}org.jboss.security.plugins.FilePassword:${jboss.server.home.dir}/conf/serverKeystore.password</attribute>
        <attribute name="TrustStoreURL">${jboss.server.home.dir}/conf/user.truststore</attribute>
        <attribute name="TrustStorePass">{CLASS}org.jboss.security.plugins.FilePassword:${jboss.server.home.dir}/conf/userTruststore.password</attribute>
        <attribute name="Salt">jbossserver</attribute>
        <attribute name="IterationCount">13</attribute>
      </mbean>
    </server>

Any help at all would be highly appreciated.

Thanks.
Andrei

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4225896#4225896