Re: Authentication - based on request parameters

2003-09-26 Thread Christopher Williams
Morten, HttpServletRequest is simply an interface. If you wanted to subclass it, you would have to implement every member of the interface. However, you could do this easily enough by passing every method that you didn't want to implement to the original request object, for example: public

Re: Authentication - based on request parameters

2003-09-26 Thread kgsat
Hi Morten, you can very well take the power of Tomcat, which helps you to authenticate in basic JDBC Realm or memory Realms or UserDatabase Realm, and you can use the request object's method called getRemoteUser() to get the user name used for authentication by the user. Ensure the user name

Re: Authentication - based on request parameters

2003-09-26 Thread Morten Andersen
Why is that a security-issue? I want the user to enter the site by clicking on a link or whatever, so that the user enters the site using that request. It should be OK, that the user tries to go to a restricted page by writing blabla:8080/MyApp/restrictedRequest.action?site=JustAGuess But if

Re: Authentication - based on request parameters

2003-09-26 Thread Christopher Williams
[EMAIL PROTECTED] Sent: Friday, September 26, 2003 10:33 AM Subject: Re: Authentication - based on request parameters Why is that a security-issue? I want the user to enter the site by clicking on a link or whatever, so that the user enters the site using that request. It should be OK

Re: Authentication - based on request parameters

2003-09-26 Thread Morten Andersen
; break; } } This is simply an example, of course, and I don't know whether such a scheme would work for you. - Original Message - From: Morten Andersen [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Friday, September 26, 2003 10:33 AM Subject: Re: Authentication - based

RE: Authentication - based on request parameters

2003-09-26 Thread Murray
PROTECTED] Sent: Friday, 26 September 2003 20:33 To: Tomcat Users List Subject: Re: Authentication - based on request parameters Here is my requirements for the security mechanism: The whole thing is about making secured rooms for groups of user. 1) It should be possible to make new sites / groups

Re: Authentication - based on request parameters

2003-09-26 Thread xing zhanjun
do it like list below, then the client could only submit his request by the POST method <security-constraint> <display-name>Example Security Constraint</display-name> <web-resource-collection> <web-resource-name>Protected Area</web-resource-name>

Re: Mutual and Basic Authentication switched on for the same web application

2003-09-25 Thread Rudolf Castelino
Mutual Authentication is where a user needs to have a Client Side certificate to login to a webapplication which is using a Server Side Certificate The Present is more Real than the Past or the Future Put together From: Tim Funk [EMAIL PROTECTED] Reply-To: Tomcat Users List [EMAIL

Re: Mutual and Basic Authentication switched on for the same web application

2003-09-25 Thread Tim Funk
In that case, security constraints in web.xml should be fine. (Google for more detail) -Tim Rudolf Castelino wrote: Mutual Authentication is where a user needs to have a Client Side certificate to login to a webapplication which is using a Server Side Certificate The Present is more Real

Mutual and Basic Authentication switched on for the same web application

2003-09-24 Thread Rudolf Castelino
Hi all Is there a way to switch on Mutual and Basic Authentication switched on for the same web application, such that certain URLs need Basic Authentication and Certain URLs use Mutual Authentication for the same web application. Regards Rudolf

Re: Mutual and Basic Authentication switched on for the same web application

2003-09-24 Thread Tim Funk
What is mutual authentication? In web.xml you can define security constraints on servlets or URLs. Each constraint can have its own login requirements. (FORM vs BASIC ...) -Tim Rudolf Castelino wrote: Hi all Is there a way to switch on Mutual and Basic Authentication switched on for the same

Re: Single Login Authentication with Tomcat

2003-09-23 Thread Adam Hardy
I believe somewhere on java.sun.com I saw an article about setting up JAAS as a tomcat realm to use NT authorisation. Good luck, Adam On 09/23/2003 07:29 AM Peter Harrison wrote: I was wondering if anyone knows how to do NT based one login authentication with web applications. I was hoping

Re: Single Login Authentication with Tomcat

2003-09-23 Thread Frode E. Moe
On Tue, Sep 23, 2003 at 17:29:03 +1200, Peter Harrison wrote: I was wondering if anyone knows how to do NT based one login authentication with web applications. I was hoping there is some way a client can be authenticated based on their system login. Obviously there would have

Re: Single Login Authentication with Tomcat

2003-09-23 Thread Christopher Williams
is being run, not the person who has typed in his name and password in his browser. There are two solutions: 1. Use JNDI realm to talk to Active Directory. 2. Collect credentials yourself and use native code to call the WinAPI function LogonUser. I have written a centralized authentication service. One

Re: Single Login Authentication with Tomcat

2003-09-23 Thread Mario Ivankovits
There are two solutions: 1. Use JNDI realm to talk to Active Directory. 2. Collect credentials yourself and use native code to call the WinAPI function LogonUser. I have written a centralized authentication service. One of the modules that I created to authenticate users against a Windows

RE: Can JSP track users in a basic authentication protected realm ?

2003-09-23 Thread Kilic, Hakan
Your best bet when dealing with authentication and users not logging off is to also include a session expiry for your page. This handles the case where a user leaves without logging off. -Hakan -Original Message- From: Jon Wingfield [mailto:[EMAIL PROTECTED] Sent: Monday, September 22

SSL client authentication

2003-09-22 Thread Twan Munster
Hello, I've always used apache http server for client authentication with ssl. I've installed Tomcat now for my JSPs. But I'm not able to get the ssl client authentication working. The problem is getting my existing certificates working in tomcat. In apache http server it was very easy. I

Re: Can JSP track users in a basic authentication protected realm ?

2003-09-22 Thread Jon Wingfield
You could possibly track the referer header of the request. If the referer is a site outside your protection domain then re-authenticate. This could be done in a filter: Check the header, log out the user, redirect to the requested page to trigger re-authentication. This technique assumes

Re: SSL client authentication

2003-09-22 Thread Bill Barker
the ssl client authentication working. The problem is getting my existing certificates working in tomcat. In apache http server it was very easy. I configured all the stuff in my httpd.conf. I also tried to get tomcat working with keytool. But there's something I do wrong. I always get handshake error

Single Login Authentication with Tomcat

2003-09-22 Thread Peter Harrison
I was wondering if anyone knows how to do NT based one login authentication with web applications. I was hoping there is some way a client can be authenticated based on their system login. Obviously there would have to be a common authentication service like LDAP or Active Directory involved

Can JSP track users in a basic authentication protected realm ?

2003-09-20 Thread David
Hi guys, Does anyone know how I can implement the above mentioned? Once they exit the protected realm (i.e. the protected folder in my htdocs), when they re-enter the site again they will be asked for a password. I have a simple basic authentication system but it doesn't track the user when

RE: Can JSP track users in a basic authentication protected realm ?

2003-09-20 Thread George Sexton
Subject: Can JSP track users in a basic authentication protected realm ? Hi guys, Does anyone know how I can implement the above mentioned? Once they exit the protected realm (i.e. the protected folder in my htdocs), when they re-enter the site again they will be asked for a password. I have a simple

RE: Can JSP track users in a basic authentication protected realm ?

2003-09-20 Thread David
instance of the IE) they will prompted for the password and ID again. Currently, with basic authentication ( implemented using HTTP SERVER) the server does not recognise if the user has moved onto another site outside the protected realm. If he decides to surf an area outside the protected realm

Basic authentication works - form authentication does not work

2003-09-16 Thread news
I'm having a problem that I was unable to find any info on in the documentation or the mailing list archives. I've set up Basic Authentication with Tomcat 4.1.27 and an Oracle LDAP server. I've got this working just fine but what I really want is Form-Based Authentication which has thus far

Authentication strategies

2003-09-15 Thread jerome moliere
wondered about setting up a filter ,getting the Authentication header comparing it with the values BASIC ... (constants exist) Is it the classic way for such job ? any other clue welcomed Cheers jerome - To unsubscribe, e-mail

Re: Authentication strategies

2003-09-15 Thread Tim Funk
This is 2 different questions. Can I use LDAP for Authentication. Yes - via JNDIRealm. Can I perform authentication via an HTML FORM? Yes, via a security constraint in web.xml with the type being FORM instead of BASIC. Helping you out further via the mailing list with respect to the second

Re: Setting contentType and also using container-based authentication

2003-09-12 Thread Adam Hardy
Hi Matt, how does it work if you use a meta tag direct in html? meta http-equiv=content-type content=application/vnd.ms-excel / On 09/11/2003 07:54 PM Sgarlata Matt wrote: I'm having trouble using the %@ page contentType= % directive and container-based authentication. Here is a toy example

Re: Setting contentType and also using container-based authentication

2003-09-12 Thread Sgarlata Matt
[EMAIL PROTECTED] Sent: Friday, September 12, 2003 4:36 AM Subject: Re: Setting contentType and also using container-based authentication Hi Matt, how does it work if you use a meta tag direct in html? meta http-equiv=content-type content=application/vnd.ms-excel / On 09/11/2003 07:54 PM

Authentication in tomcat 4.1.27

2003-09-11 Thread Shailesh Modi
Hi, I am migrating my web application to 4.1.27 from tomcat 3 . In tomcat 3 , I had following code for authentication in server.xml. RequestInterceptor className=com.remind.securetomcat.SecRealm debug=0 initCtx=com.sun.jndi.ldap.LdapCtxFactory ldapHost=ldap://ldap.mycompany.com:389

Re: Authentication in tomcat 4.1.27

2003-09-11 Thread Bill Barker
for authentication in server.xml. RequestInterceptor className=com.remind.securetomcat.SecRealm debug=0 initCtx=com.sun.jndi.ldap.LdapCtxFactory ldapHost=ldap://ldap.mycompany.com:389; baseDn=ou=active,ou=employees,ou=people,o=mycompany.com maxDnAge=300 maxPwAge=6000 maxFilterAge=6000

Setting contentType and also using container-based authentication

2003-09-11 Thread Sgarlata Matt
I'm having trouble using the %@ page contentType= % directive and container-based authentication. Here is a toy example that works great without container-based authentication but does not work with c.b.a. enabled: %@ page contentType=application/vnd.ms-excel % % response.setHeader(Content

problem in FORM authentication

2003-09-11 Thread Fabio Bazzani
I'm using tomcat 4.1.27. I authenticate with FORM login and I get 400 error: The request sent by the client was syntactically incorrect (Invalid direct reference to form login page). when I try to get a page with security constraints Tomcat show me the login page (action = j_security_check ,

RE: problem in FORM authentication

2003-09-11 Thread Madere, Colin
cause problems). But you are saying after you get this error page you are authenticated and can access the protected area? -Original Message- From: Fabio Bazzani [mailto:[EMAIL PROTECTED] Sent: Thursday, September 11, 2003 3:17 PM To: Tomcat Users List Subject: problem in FORM authentication

Re: problem in FORM authentication

2003-09-11 Thread Fabio Bazzani
. - - Original Message - From: Madere, Colin [EMAIL PROTECTED] To: 'Tomcat Users List' [EMAIL PROTECTED] Sent: Thursday, September 11, 2003 9:36 PM Subject: RE: problem in FORM authentication If searching the archives of this list don't help, try posting a trimmed

RE: problem in FORM authentication

2003-09-11 Thread Madere, Colin
. -Original Message- From: Fabio Bazzani [mailto:[EMAIL PROTECTED] Sent: Thursday, September 11, 2003 4:07 PM To: Tomcat Users List Subject: Re: problem in FORM authentication These are my steps: 1) I just call index.jsp 2) click on my link (/prenotazione/index.jsp) 3) tomcat give me

tomcat 4.1.27: Realm authentication 400 error code

2003-09-05 Thread Fabio Bazzani
How is it possible I get this message: HTTP Status 400 - Invalid direct reference to form login page during JDBC Realm FORM authentication. These are the steps I followed : 1. create tables in mysql db : create table IsInRole( username varchar(20) not null

Tomcat 4.1.27 : error in FORM authentication

2003-09-03 Thread Fabio Bazzani
I'm working with JDK 1.4.0 and tomcat 4.1.27. I configured JDBCRealm in server.xml for a FORM authentication. When I authenticate I get a 400 error code: message : Invalid direct reference to form login page description : The request sent by the client was syntactically incorrect (Invalid direct

RE: Tomcat 4.1.27 : error in FORM authentication

2003-09-03 Thread Mike Curwen
-Original Message- From: Fabio Bazzani [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 03, 2003 11:15 AM To: Tomcat Users List Subject: Tomcat 4.1.27 : error in FORM authentication I'm working with JDK 1.4.0 and tomcat 4.1.27. I configured JDBCRealm in server.xml

Re: Tomcat 4.1.27 : error in FORM authentication

2003-09-03 Thread Fabio Bazzani
I'm sorry I was not so detailed in my problem description. I've just done all that you said ! I made a link to a jsp page which was included in a security constraint in web.xml. When I click on my link before getting my page, Tomcat give me the login.jsp to authenticate. The authentication fail

Re: JAASRealm with Basic Authentication

2003-09-02 Thread Christopher Williams
Quoting from the recent 'Tomcat: The Definitive Guide' book: At the time of this writing, this realm (i.e. JAAS) implementation does not seem to work Possibly it still doesn't. - To unsubscribe, e-mail: [EMAIL PROTECTED]

JAASRealm with Basic Authentication

2003-08-31 Thread Adam Hardy
I am trying to run my JAASRealm implementation, and I have it working successfully on my own apps using Form-based authentication, but when I try to use it for tomcat's manager tool (configured in webapps/manager.xml) or any other app using basic authentication, I have problems. First of all

Authentication without authorisation

2003-08-27 Thread Krause Karin
Hi all, I've got a question regarding authentication. I wish to do authentication without authorisation. So this means everybody should be free to access my web-resource but I wish to know who it is. Therefore the accessing user must login. As probably everybody knows here I can configure

Re: Authentication without authorisation

2003-08-27 Thread John Holman
Krause <auth-constraint> <role-name>*</role-name> </auth-constraint> Will require authentication but not authorisation. John. Krause Karin wrote: Hi all, I've got a question regarding authentication. I wish to do authentication without authorisation. So this means everybody should

RE: Authentication without authorisation

2003-08-27 Thread Krause Karin
Thanks! I've tried this! It runs!!! -Original Message- From: John Holman [mailto:[EMAIL PROTECTED] Sent: Mittwoch, 27. August 2003 13:40 To: Tomcat Users List Subject: Re: Authentication without authorisation Krause auth-constraint role-name*/role-name /auth

RE: Tomcat SSL client authentication problem with Internet Explore

2003-08-22 Thread Ratón Lacarcel, Antonio
] Subject: Re: Tomcat SSL client authentication problem with Internet Explore I'm guessing that you didn't install your CA's cert in MSIE's root certificates. Since Tomcat will ask for certs signed by your CA, if MSIE can't find any (that it can verify the chain with), you get an empty box. Ratón

Re-authentication forced after context reload

2003-08-22 Thread Sasha Borodin
Howdy, trying to solve an issue before heading out for the weekend, any insight would be greatly appreciated :-) From my understanding of the CMA docs for Tomcat, a user's credentials are cached after login, and a user is authenticated until the session expires (FORM) or the browser is restarted

Re: Re-authentication forced after context reload

2003-08-22 Thread Bill Barker
Sasha Borodin [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Howdy, trying to solve an issue before heading out for the weekend, any insight would be greatly appreciated :-) From my understanding of the CMA docs for Tomcat, a user's credentials are cached after login, and a user

SSL-CLIENT authentication causes getUserPrincipal() to return null. Any idea why?

2003-08-21 Thread Christopher Williams
My setup: JWSDP 1.2 Windows XP Pro JDK 1.4.2 I want to know who's accessing a certain web page after they've authenticated to Tomcat. No problem if I use BASIC authentication. However, when I use SSL-CLIENT authentication, calling getUserPrincipal() on the incoming Request object returns null

RV: Tomcat SSL client authentication problem with Internet Explore

2003-08-21 Thread Ratón Lacarcel, Antonio
Hi! I have a problem with Tomcat 4.0.6 and SSL client authentication. When I use the Internet Explorer browser (v6.0) and I try to access the secure URL (for example https://whatever:8043), an empty list of certificates is presented. However, if I use Mozilla 1.4 or Netscape 4.76, the client

Re: Tomcat SSL client authentication problem with Internet Explore

2003-08-21 Thread Bill Barker
] Hi! I have a problem with Tomcat 4.0.6 and SSL client authentication. When I use the Internet Explorer browser (v6.0) and I try to access the secure URL (for example https://whatever:8043), an empty list of certificates is presented. However, if I use Mozilla 1.4 or Netscape 4.76, the client

Re: AD authentication if exact jndi context not known

2003-08-18 Thread carel-j rischmuller
Hi I've managed to solve this problem by adding the attribute: referrals=follow to the JNDIRealm element in the server.xml file. Hope this will help somebody else one day. Regards Carel-J On Tue, 12 Aug 2003 21:18:59 +0200 carel-j rischmuller ([EMAIL PROTECTED]) wrote: Good day. I've

AD authentication if exact jndi context not known

2003-08-14 Thread carel-j rischmuller
Good day. I've succeeded in setting up the JNDIRealm to connect and authenticate to AD (Active Directory) if the exact context (tree path) to the user element is known. I just set the userBase to that exact context. E.g. userBase=ou=Office1,dc=Company,dc=net However, I'm having trouble setting

Re: Failed Authentication: 401 error-page strange behavior

2003-08-14 Thread Lukas Bradley
In Bugzilla with a really bad hack fix. I'm trying to reopen the ticket.

Failed Authentication: 401 error-page strange behavior

2003-08-14 Thread Lukas Bradley
I'm attempting to use a combination of an error-page for 401 codes and BASIC authentication. My version is Tomcat 4.1.27 on Windows XP. Without the error-page, the authentication works fine. A username/password dialog is presented when attempting to enter the /sponsor, /webmaster, or /admin

Re: Tomcat authentication against unixware/linux

2003-08-14 Thread Kristian A. Leth
] [EMAIL PROTECTED] cc: dkSubject: Tomcat authentication

Re: JNDIRealm: Authentication Failing [SOLVED]

2003-08-07 Thread Adam Sherman
Adam Sherman writes: 2003-07-27 13:44:06 JNDIRealm[Standalone]: validating credentials by binding as the user 2003-07-27 13:44:06 JNDIRealm[Standalone]: binding as uid=adam,ou=People,dc=tritus,dc=ca 2003-07-27 13:44:06 JNDIRealm[Standalone]: bind attempt failed JNDIRealm is attempting to

Tomcat authentication against unixware/linux

2003-08-05 Thread Kristian A. Leth
I'm looking for a realm implementation, design pattern or api that makes Tomcat able to authenticate against a unix/linux operating system. This will be the best solution for my little problem of maintaining two user lists - The users for Tomcat and the users for my operating system. Alternately

Programmatic authentication into the Servlet Container

2003-08-03 Thread kapil khanna
authentication). The user enters their credentials and gets logged into the app. As you can see that during registration the user needs to first register, and then login. This is big inconvenience and a usability issue. To avoid this i would like the user to register after which i want to programmatically

Re: Programmatic authentication into the Servlet Container

2003-08-03 Thread Tim Funk
the request and forwards to the login screen (am using form based authentication). The user enters their credentials and gets logged into the app. As you can see that during registration the user needs to first register, and then login. This is big inconvenience and a usability issue. To avoid

[ERR] Re: Post-authentication tasks

2003-08-03 Thread postmaster
, Sasha Borodin [EMAIL PROTECTED] wrote: I'd like to get some suggestions for performing post-authentication tasks while using Container Managed Authentication. Craig Berry suggested a filter that checks the session for necessary attributes, and creates them if they're missing. This check would

Client Authentication in combination with a realm

2003-08-01 Thread Ivo Matheis
Hi, I'm using Tomcat 4.0.6 and configured it for client authentication. This works fine. Then I tried to add a realm to a certain webapp in order to control access. As I have read in several sources either the client certificates Common Name or the complete Distinguished name are used

[ERR] Post-authentication tasks

2003-08-01 Thread postmaster
Transmit Report: To: [EMAIL PROTECTED], 402 Local User Inbox Full ([EMAIL PROTECTED]) ---BeginMessage--- I'd like to get some suggestions for performing post-authentication tasks while using Container Managed Authentication. Craig Berry suggested a filter that checks the session for necessary

Re: JNDIRealm: Authentication Failing

2003-07-31 Thread Adam Sherman
My apologies for taking so long to reply. Thank you very much for your input! Hayo Schmidt writes: Is 'mail' the naming value? This means, if you export to an ldif file you should find a line dn: [EMAIL PROTECTED],ou=People,dc=tritus,dc=ca As you can see from the log snipped below:

LDAP authentication problem

2003-07-30 Thread Jonipentti Järvinen
I'm using - Tomcat 4.1.24 - JDK 1.4.x (Sun version) - Redhat Linux 7.3 - Lotus Domino 5.0.12 as an LDAP server When I login for the first time, everything works fine. However, after a while authentication stops working. I tried restarting Domino LDAP service but it did not help. If I restart

Re: JNDIRealm: Authentication Failing

2003-07-29 Thread Hayo Schmidt
Is 'mail' the naming value? This means, if you export to an ldif file you should find a line dn: [EMAIL PROTECTED],ou=People,dc=tritus,dc=ca Hayo Schmidt Adam Sherman wrote: I am trying to get JNDIRealm to authenticate against my LDAP tree: Realm

Multiple authentication realms?

2003-07-29 Thread softspt
are done the same way (either both via JNDI, or both via a file). If this is possible, is it possible to do the authentication with some roles coming via LDAP, and some in a local file? (OK, I accept that anything's possible if I code my own Realm class - I'm hoping it's possible without going that far

Re[4]: Tomcat: SSL client authentication

2003-07-28 Thread Dmitry S.Rogulin
tried to use what I've found but I'm still having a problem... I'm trying to do SSL client authentication with Tomcat 4.1.18 BB (clientAuth=true). 1. I've generated a client certificate using keytool: keytool -genkey -alias tomcat-cl -keyalg RSA -keystore BB client.keystore 2

Re: JNDIRealm: Authentication Failing

2003-07-28 Thread Hayo Schmidt
Is 'mail' the naming value? This means, if you export to an ldif file you should find a line dn: [EMAIL PROTECTED],ou=People,dc=tritus,dc=ca Hayo Schmidt Adam Sherman wrote: I am trying to get JNDIRealm to authenticate against my LDAP tree: Realm

Post-authentication tasks

2003-07-28 Thread Sasha Borodin
I'd like to get some suggestions for performing post-authentication tasks while using Container Managed Authentication. Craig Berry suggested a filter that checks the session for necessary attributes, and creates them if they're missing. This check would be performed on every request however

Re: Post-authentication tasks

2003-07-28 Thread Sasha Borodin
If this is not an appropriate list to ask design questions, could someone point me to a more suitable resource? Perhaps the tomcat-dev list? Thank you, -Sasha Borodin On 7/28/03 11:35, Sasha Borodin [EMAIL PROTECTED] wrote: I'd like to get some suggestions for performing post-authentication

Re: Post-authentication tasks

2003-07-28 Thread John Turner
/28/03 11:35, Sasha Borodin [EMAIL PROTECTED] wrote: I'd like to get some suggestions for performing post-authentication tasks while using Container Managed Authentication. Craig Berry suggested a filter that checks the session for necessary attributes, and creates them if they're missing

Re: Post-authentication tasks

2003-07-28 Thread Larry Meadors
suggestions for performing post-authentication tasks while using Container Managed Authentication. Craig Berry suggested a filter that checks the session for necessary attributes, and creates them if they're missing. This check would be performed on every request however. Has anyone implemented

Re: Post-authentication tasks

2003-07-28 Thread Sasha Borodin
for performing post-authentication tasks while using Container Managed Authentication. Craig Berry suggested a filter that checks the session for necessary attributes, and creates them if they're missing. This check would be performed on every request however. Has anyone implemented

RE: Post-authentication tasks

2003-07-28 Thread Mike Curwen
they want. -Original Message- From: Sasha Borodin [mailto:[EMAIL PROTECTED] Sent: Monday, July 28, 2003 11:35 AM To: Tomcat Users List Subject: Post-authentication tasks I'd like to get some suggestions for performing post-authentication tasks while using Container Managed

Re: Post-authentication tasks

2003-07-28 Thread Larry Meadors
On 7/28/03 11:35, Sasha Borodin [EMAIL PROTECTED] wrote: I'd like to get some suggestions for performing post-authentication tasks while using Container Managed Authentication. Craig Berry suggested a filter that checks the session for necessary attributes, and creates them if they're

Re: Post-authentication tasks

2003-07-28 Thread Sasha Borodin
(and cookie sent to browser) as soon as the login form is requested (before the authentication takes place). So this would make a SessionListener not useful unfortunately. Are you convinced that a filter would be too much load ? Is there a single point of entry to your app? How about a short piece

Re: Post-authentication tasks

2003-07-28 Thread Bill Barker
that the session owner is Authenticated. From my observations, a session is created (and cookie sent to browser) as soon as the login form is requested (before the authentication takes place). So this would make a SessionListener not useful unfortunately. Are you convinced that a filter would be too

Re[2]: Tomcat: SSL client authentication

2003-07-27 Thread Dmitry S.Rogulin
S.Rogulin wrote in message BB news:[EMAIL PROTECTED] Hello all, Sorry for the previous e-mail. %) This theme was discussed about month ago. I tried to use what I've found but I'm still having a problem... I'm trying to do SSL client authentication with Tomcat 4.1.18 BB (clientAuth=true). 1

JNDIRealm: Authentication Failing

2003-07-27 Thread Adam Sherman
I am trying to get JNDIRealm to authenticate against my LDAP tree: Realm className=org.apache.catalina.realm.JNDIRealm debug=200 connectionURL=ldap://localhost:389; userBase=ou=People,dc=tritus,dc=ca userSearch=(mail={0})

Re: Re[2]: Tomcat: SSL client authentication

2003-07-27 Thread Bill Barker
still having a problem... I'm trying to do SSL client authentication with Tomcat 4.1.18 BB (clientAuth=true). 1. I've generated a client certificate using keytool: keytool -genkey -alias tomcat-cl -keyalg RSA -keystore client.keystore 2. Then I created Certificate Signing Request

Authentication Tomcat and IIS

2003-07-26 Thread Fedor Smirnoff
Hey everyone, really hope you can help because I really hit the wall here. I configured and installed Tomcat 4.1.24 with IIS running on Windows 2000, now I cannot get my basic authentication to work. I have it configured in web.xml and it worked before when it was Tomcat only stand-alone, now

Re: Tomcat: SSL client authentication

2003-07-26 Thread Bill Barker
] wrote in message news:[EMAIL PROTECTED] Hello all, Sorry for the previous e-mail. %) This theme was discussed about month ago. I tried to use what I've found but I'm still having a problem... I'm trying to do SSL client authentication with Tomcat 4.1.18 (clientAuth=true). 1. I've generated

Tomcat: SSL client authentication

2003-07-25 Thread Dmitry S.Rogulin
Hello all, I'm Best regards, Dmitry. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]

Tomcat: SSL client authentication

2003-07-25 Thread Dmitry S.Rogulin
Hello all, Sorry for the previous e-mail. %) This theme was discussed about month ago. I tried to use what I've found but I'm still having a problem... I'm trying to do SSL client authentication with Tomcat 4.1.18 (clientAuth=true). 1. I've generated a client certificate using keytool

Re: Pb Form authentication

2003-07-24 Thread v.siguier
am agree with you but I don't try to access directly to login.jsp, I call the site presentation page index.jsp. Following are my two authentication jsp pages : Login.jsp : - html head titleLogin Page for Examples/title body bgcolor=white form method=POST action

[Q] Form-based authentication with DatasourceRealm

2003-07-24 Thread Riaan Oberholzer
Hi, I'm trying to use Realms for the first time. The documentation of Tomcat is pretty straightforward and everything is clear (and surprisingly simple), except how I must name the action=??? parameters for my form in which the authentication is done. The Tomcat example is: form method=POST

RE: [Q] Form-based authentication with DatasourceRealm

2003-07-24 Thread Andrew Liles
This is a three part problem. First you have a process that does the challenging of access. In the case of Form Based Authentication this means redirecting the user to a login page. Second you have a scheme to take the credentials the user provides and validate them. This is the job

RE: HELP! Client Authentication in Tomcat 4.1.24

2003-07-24 Thread Farrell, Patrick
Authentication in Tomcat 4.1.24 Bug #15790 is only if you are fronting Tomcat with Apache/IIS/SunONE. If you are using the stand-alone connector, it doesn't apply. I'm guessing that this isn't your problem, since you'd get a different error. To use this setup, you need to be using MemoryRealm

RE: HELP! Client Authentication in Tomcat 4.1.24

2003-07-24 Thread Farrell, Patrick
:[EMAIL PROTECTED] Sent: Thursday, July 24, 2003 8:28 AM To: 'Tomcat Users List' Subject: RE: HELP! Client Authentication in Tomcat 4.1.24 That's what I thought. I'm not using Tomcat with Apache/IIS/SunONE, but rather standalone. You mentioned that I need to be using the MemoryRealm. I looked

digest/form authentication

2003-07-24 Thread Hirsch, Barbara
Is anyone using digest authentication? Or form authentication? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]

RE: digest/form authentication

2003-07-24 Thread Sudhir Movva
If everyone using those, responds we would have a plethora of mails :). Please post your question. -Original Message- From: Hirsch, Barbara [mailto:[EMAIL PROTECTED] Sent: Thursday, July 24, 2003 3:25 PM To: 'Tomcat Users List' Subject: digest/form authentication Is anyone using digest

RE: digest/form authentication

2003-07-24 Thread Hirsch, Barbara
Sorry, my question then is how do I configure my tomcat to do either form based or digest authentication? I can't seem to find it in the documentation at Jakarta. I'm also running Tomcat with JBoss and not sure that that matters. Does it? -Original Message- From: Sudhir Movva

Pb Form authentication

2003-07-23 Thread v.siguier
Hello, I work with Tomcat 4.1.24 and I have a problem with authentication (I use DataSourceRealm) at runtime. On login page, if I enter login - password existing in database with the right role to access to the specified resource it is OK (the targeted page is displayed). The problem happens

Re: Pb Form authentication

2003-07-23 Thread Rick Roberts
to that location. If you navigate directly to login.jsp, then j_security_check doesn't know where to forward you to. v.siguier wrote: Hello, I work with Tomcat 4.1.24 and I have a problem with authentication (I use DataSourceRealm) at runtime. On login page, if I enter login - password existing

HELP! Client Authentication in Tomcat 4.1.24

2003-07-23 Thread Farrell, Patrick
I am attempting to use client certificate authentication with Tomcat 4.1.24, but each time I connect via a browser (Internet Explorer) Tomcat indicates that it is unable to authenticate with the provided credentials. My client certificate is a personal certificate from Thawte

Re: Pb Form authentication

2003-07-23 Thread v.siguier
I am agree with you but I don't try to access directly to login.jsp, I call the site presentation page index.jsp. Following are my two authentication jsp pages : Login.jsp : - html head titleLogin Page for Examples/title body bgcolor=white form method=POST action

RE: HELP! Client Authentication in Tomcat 4.1.24

2003-07-23 Thread Jay Garala
PROTECTED] Sent: Wednesday, July 23, 2003 1:02 PM To: '[EMAIL PROTECTED]' Subject: HELP! Client Authentication in Tomcat 4.1.24 I am attempting to use client certificate authentication with Tomcat 4.1.24, but each time I connect via a browser (Internet Explorer) Tomcat indicates that it is unable

Re: Pb Form authentication

2003-07-23 Thread Rick Roberts
to authentication jsp pages : Login.jsp : - html head titleLogin Page for Examples/title body bgcolor=white form method=POST action='%= response.encodeURL(j_security_check) %' table border=0 cellspacing=5 tr th align=rightUsername:/th td align=leftinput type=text name

RE: HELP! Client Authentication in Tomcat 4.1.24

2003-07-23 Thread Farrell, Patrick
:[EMAIL PROTECTED] Sent: Wednesday, July 23, 2003 1:44 PM To: 'Tomcat Users List' Subject: RE: HELP! Client Authentication in Tomcat 4.1.24 This is the part you were missing. Unfortunately, the handling of Client certs in the Jk-Coyote connector is broken in 4.1.24 (see http://nagoya.apache.org

Re: HELP! Client Authentication in Tomcat 4.1.24

2003-07-23 Thread Bill Barker
doesn't handle CLIENT-CERT authentication. When I'm testing this, I usually get rid of the 'Resource name=UserDatabase ...', since it has a bad habit of messing up cert subjects when it re-saves the file :-). With 4.1.26, if you enable TRACE logging, it will print the cert out to the log (I use
