Hi, all -
I've configured Tomcat 4.1.18 on RH Linux 8 server. Then I need some
authentication for certain
directories under webapps. So I configured server.xml, web.xml and
tomcat-users.xml creating a
role and its username with password. It works only for individual file
with an extension
try /document/* as the url-pattern or /document/*.doc if you want the .doc files under
/document to be protected ...
-Original Message-
From: Daniel Zhang [mailto:[EMAIL PROTECTED]
Sent: 22. juli 2003 14:48
To: Tomcat Users List
Subject: Basic Authentication not work for directory
Hi
need to be public. So if I put *.doc, it will
block all doc files.
BTW, /document/*.doc never work. You still can get doc file under
document without authentication window pop-up. The only way to block doc
file is to put *.doc between url-pattern and /url-pattern. It is not
right as what many
Hi
I have successfully setup Tomcat with SSL and client authentication, and I
have successfully identified myself to the web application using a browser
certificate. But when I access a port with client authentication enabled
WITHOUT sending a certificate, I receive an error from Tomcat. I would
to
the page, the page will be displayed otherwise an error message will appear
and, ideally, the user will be offered the opportunity to log on again in
case the browser has been shared between different users.
I'm using a JDBC realm with a user and a role table. Authentication of the
user works
: Thursday, 17 July 2003 09:57
To: [EMAIL PROTECTED]
Subject: Authentication by role
I am trying to control access to web pages using a list of authorised roles.
The model would have each page in the secure area accessible by one or more
roles and have users authenticate themselves and be assigned
Muhammad Bilal wrote:
I want to have a synchronization between the authentication stuff. Like,
I have a web site, and every user has some role, and every user can
access some protected resource based on his role. Now I want to use JDBC
realm for this purpose with Form auth. so that user logs
How about asking the php folks?
If this were java - just use HttpClient from jakarta-commons.
-Tim
bin cai wrote:
Hi,
In client side i wrote a php script trying to invoke a cgi script in web server
$fp = fsockopen (http://webserver, 80, $errno, $errstr, 30);
if (!$fp) {
echo $errstr
I can use Basic auth, and FORM-based auth,using the UserDatabaseRealm, with no
problem. But when I try to use DIGEST, like this:
login-config
auth-methodDIGEST/auth-method
realm-nameUserDatabase/realm-name
...etc
Tomcat obviously recognizes the keyword, because I get prompted by a
Hello,
I'm trying to get Tomcat 4.1.24 working with CLIENT-CERT authentication and
am having some difficulty. Would someone please assist me? Thanks in
advance ..
I have performed the following steps:
1. Using keytool I created a keystore named server.keystore to contain the
server
Hi,
I am using Form Authentication with Tomcat 4.1.18. Every thing seems
working, when I try to access a protected resource directly, it takes me to
the login.jsp and if enter correct user/password it logs me in and takes to
protected resource. But if I try to go to login.jsp first and enters
I just started trying to use Form AUTH and JDBCRealm a couple days ago, and I am seeing the exact same behavior.
Muhammad Bilal wrote:
Hi,
I am using Form Authentication with Tomcat 4.1.18. Every thing seems
working, when I try to access a protected resource directly, it takes me
AM
To: [EMAIL PROTECTED]
Subject: Tomcat: j_security_check: Form Authentication
Hi,
I am using Form Authentication with Tomcat 4.1.18. Every thing seems
working, when I try to access a protected resource directly,
it takes me to
the login.jsp and if enter correct user/password it logs
Mike Curwen wrote:
The problem is in the error message:
Invalid direct reference to form login page
In brief: With container-based auth, when a user attempts to access a
protected resource, the container will 'remember' which resource they
tried to access, and send them off to the form login
Does anyone know if it is possible to have a FORM-based authentication with webdav
servlet (which is open as a web folder).
I have tried, but unsuccessfully. If a servlet runs in a regular way (HTTP://),
the form log-in page is displayed. However, if the webdav servlet is open
I want to have a synchronization between the authentication stuff. Like, I
have a web site, and every user has some role, and every user can access
some protected resource based on his role. Now I want to use JDBC realm for
this purpose with Form auth. so that user logs into the site only once
Hi,
In client side i wrote a php script trying to invoke a cgi script in web server
$fp = fsockopen (http://webserver, 80, $errno, $errstr, 30);
if (!$fp) {
echo $errstr ($errno)br\n;
} else {
fputs ($fp, GET /bintest.cgi? HTTP/1.0\r\nHost:http://webserver\r\n\r\n;);
}
The web
I assume you are using Basic AUTH here, right? Then send the
username/password combo like this..
http://myusername:[EMAIL PROTECTED]/
Obviously, this kind of puts the username/password combo out there is clear
text for all to see. However, that happens even with normal Basic
AUTH. Base64
I can set up Tomcat's authentication fine, either basic (or digest) or form-based.
Everything I read seems to prefer form-based, because you can customize the screen.
However, basic as least encrypts the userID/password, and digest does that even
better. But form-based just sends these thing
Basic authentication is so weak that it is the equivalent of cleartext. If
security of a password is an issue, use SSL.
-Tim
Dave Naden wrote:
I can set up Tomcat's authentication fine, either basic (or digest) or form-based. Everything I read seems to prefer form-based, because you can
Use SSL with Form Based AUTH.
Then all traffic is SSL protected.
Dave Naden wrote:
I can set up Tomcat's authentication fine, either basic (or digest) or form-based. Everything I read seems to prefer form-based, because you can customize the screen. However, basic as least encrypts the userID
Using tomcat 4.1.24, it appears that if using Basic
authentication and a user enters a valid username but
an invalid password, access to the restricted page is
forbidden from then on (403 error code is returned all
the time).
User is never given a second chance at typing the
username and password
hi all,
i've implemented form-based ldap authentication on my tomcat server. it works
fine in general but from time to time when i enter my ldap username and
password, i get a blank page with j_security_check in the location field. if i
reload the page, i get the login_error.jsp page and upon
I've been trying to get form-based ldap authentication workingbut no
luck.do you think
i could see some sample code?
Russ
-Original Message-
From: Maurice Coyle - Sun Microsystems Ireland [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 01, 2003 12:50 PM
To: [EMAIL PROTECTED
-To: mailing list [EMAIL PROTECTED]
X-MimeOLE: Produced By Microsoft Exchange V6.0.6375.0
content-class: urn:content-classes:message
Subject: RE: FORM-based ldap authentication problem
Date: Tue, 1 Jul 2003 12:52:46 -0400
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: FORM-based ldap
-based ldap authentication problem
by all means. there's 4 basic steps to this:
1. in server.xml paste the following (replace YOUR-SERVER with the url
of the
ldap server and you'll probably have to change the userBase bit too) to
tell
tomcat where to go to authenticate:
Realm
Microsystems Ireland
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 01, 2003 10:07 AM
To: [EMAIL PROTECTED]
Subject: RE: FORM-based ldap authentication problem
by all means. there's 4 basic steps to this:
1. in server.xml paste the following (replace YOUR-SERVER with the
url
of the
ldap
i'm pretty sure the j_username is the logical attribute name for the uid. the
container manages the internals of the authentication. is this what you meant?
i wouldn't consider myself any sort of authority on the j_* attributes, i just
tried them and they worked. i suspect
Microsystems Ireland
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 01, 2003 10:29 AM
To: [EMAIL PROTECTED]
Subject: RE: FORM-based ldap authentication problem
i'm pretty sure the j_username is the logical attribute name for the
uid.
the
container manages the internals of the authentication
Hi all,
In a previous project, I decided to use Tomcat authentication and just
had nightmarish troubles. Telling people they couldn't bookmark the logon
page just isn't a solution. Plus, many people had serious problems trying to
login. They would enter in their user name and passwords
.
If there's another, more elegant way to do this, I'd love to see an
explanation of it and the rationale for it.
John
On Mon, 30 Jun 2003 10:45:41 -0400, Kevin Andryc [EMAIL PROTECTED]
wrote:
Hi all,
In a previous project, I decided to use Tomcat authentication and just
had nightmarish troubles
Hi
I am trying to make a filter that will redirect all request that don't have a
autheticated attribute set, to be redirected to the login page.
Somehow my filter does not work properly even though it still is a very basic
implementation that
does nothing besides a few system out prints.
The
when using tomcat authentication realms;
if the login page is login.jsp and if a user directly access this page and
tries to login , tomcat returns the error given below. i need to catch this
and handle it. specifically, where is the forwarding page reference stored?
in the users session? what
Hi Bill Everyone else,
For JSSE, you need to have the signer in cacerts at the moment for
Tomcat to include it in the list of signers it wants. PureTLS allows
you to configure the list (without being root), but other problems
mean that you can only use it in TC 5 HEAD at the moment.
Of
ERROR:
There is no such list CERTIFICATES here.
SOLUTION:
Send a message to [EMAIL PROTECTED] with a subject
of 'info' (no quotes) for a list of available mailing lists.
--
Sincerely, the Minimalist
-
To
Hi gurus,
i am needing some help to choose any kind of external component or even
framework solution which allow my system' s user policies to be stored.
This policy is very simple:
- some users ( not groups of them!) will have permition to some system's
funcionalities
- they should have
Hi!,
I was wondering whether somebody might be able to explain what I am
doing wrong with regards to the introduction of client certificates
being used as a means for authentication under Tomcat v4.1.24 under
Solaris 8, JDK 1.4.1_02.
I have established my own little CA using OpenSSL 0.9.7b
with regards to the introduction of client certificates
being used as a means for authentication under Tomcat v4.1.24 under
Solaris 8, JDK 1.4.1_02.
I have established my own little CA using OpenSSL 0.9.7b and have
generated my own self-signed certificate as well as signing a
certificate for my WWW
I have a box where Apache's basic authentication is working fine, via
directives in httpd.conf or an .htaccess file in the selected directory.
However, when the selected directory is located under the webapp context
directory, Apache serves it up without any prompting for any username
and password
Hi,
I have Apache 1.3, Tomcat 4.1, and mod_jk installed and working together. I was able
to configure Apache to use SSL. Now, I am required to check the client certificate
that Apache receives against an LDAP directory on a different server to authenticate
the user. Could somebody please
Message -
From: Chuck Ruffing [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, June 23, 2003 6:59 PM
Subject: Configuring SSL and LDAP authentication for Apache 1.3 and Tomcat
4.1
Hi,
I have Apache 1.3, Tomcat 4.1, and mod_jk installed and working together.
I was able to configure
from one
application to an other? (a kind of SRV.12.6, Server Tracking of Authentication
Information)
Thanks for help,
Jimm
--
+++ GMX - Mail, Messaging more http://www.gmx.net +++
Bitte lächeln! Fotogalerie online mit GMX ohne eigene Homepage
deal with the same
security
role. How can I configure Tomcat, that the user doesn't have to type the
same
user-password-combination each time when he follows a link from one
application to an other? (a kind of SRV.12.6, Server Tracking of
Authentication
Information)
Thanks for help,
Jimm
this is not a plug and play solution.
Mario
- Original Message -
From: Chuck Ruffing [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, June 23, 2003 6:59 PM
Subject: Configuring SSL and LDAP authentication for Apache 1.3 and Tomcat
4.1
Hi,
I have Apache 1.3, Tomcat 4.1
tell me what exactly is Digital key
authentication.(because we use certificates for
authentication. Does this means authenticating users
against LDAP also?)
Any help would be greatly appreciated. Thanks in
advance..
naveen
Hi,
I am facing this problem.
The Form Based Realm Authentication is not able to recreate the original post
request.
To recreate the problem:
-Request a page protected with Form Based authentication.
-Login to the application.
-Stop at a page which has a form with method POST, till session
Hello,
What a relief!!
And I've seen that the patch for this bug is a one-liner... I will try
to backport it to the stock 4.1.24 we were willing to use.
Do you have an idea of the approx. release date for 4.1.25?
Thank you very much for your help.
Antonio Fiol
Bill Barker wrote:
It's a
Hello,
I have been struggling with a strange problem:
Using Apache Web server (1.3.23 - 1.3.26, not tested others).
Using mod_jk (EAPI version, recent download).
On a Linux machine.
Using tomcat 4.1.24
Both on solaris and on Linux.
When Apache is configured with
SSLClientVerify optional
or
It's a known problem. See http://nagoya.apache.org/bugzilla/show_bug.cgi?id=15790 for
more details. It is fixed in the CVS, and so will work in 4.1.25.
Antonio Fiol Bonnín [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]
Hello,
I have been struggling with a strange problem:
however you like.
There are JK connectors for Apache and IIS, for example.
John
On Wed, 11 Jun 2003 10:53:37 -0400, vtobin [EMAIL PROTECTED]
wrote:
Hi Bill and Matt,
There are two problems with this:
1) Your Filter will not get called, since authentication happens before
Filters
We've had an Apache 1.3.26 / Tomcat 4.0.3 configuration for load balancing and the
authentication was using the apache htaccess method, it has been working fine.
After I upgraded to Tomcat 4.1.24 ( I didn't make any changes to the apache), I am
having problems with the authentication. Looks
1) Your Filter will not get called, since authentication happens before
Filters (you'd need to use a Valve, but then you are locked into Tomcat).
In my experience, and my current working app, this is not the case. The
following code works for me in a filter (mapped to /*) to auto-login a user
Hi Bill and Matt,
There are two problems with this:
1) Your Filter will not get called, since authentication happens before
Filters (you'd need to use a Valve, but then you are locked into
Tomcat). 2) Unless you are using Tomcat 5.x nightly, Request
attibutes won't be available
and Matt,
There are two problems with this:
1) Your Filter will not get called, since authentication happens before
Filters (you'd need to use a Valve, but then you are locked into Tomcat)
. 2) Unless you are using Tomcat 5.x nightly, Request attibutes won't be
available to the login-page
It works!
Thank you
- Original Message -
From: Bill Barker [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, June 07, 2003 5:33 AM
Subject: Re: SSL client authentication with tomcat 4.1.24
I believe that the Sun 1.4 JVM ships with the certs for Verisign and
Thawte
is stored on a Gemplus smartcard connected
with a USB reader all works fine if I connect to an Apache server with
mod_ssl.
- Original Message -
From: Bill Barker [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, June 07, 2003 5:33 AM
Subject: Re: SSL client authentication with tomcat
.
Mario
- Original Message -
From: Duma Rolando [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Sent: Tuesday, June 10, 2003 9:24 AM
Subject: Re: SSL client authentication with tomcat 4.1.24
I'm still having trouble with my setup.
These are my keystore entries:
Tipo keystore
It works, thanks a lot for your help.
- Original Message -
From: Mario Ivankovits [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Sent: Tuesday, June 10, 2003 9:36 AM
Subject: Re: SSL client authentication with tomcat 4.1.24
You have to import the root CA into the java
Morgan Pyne wrote:
Jerome,
No. No username (in /var/log/httpd/access.log) for the requests to
access pages served by my servlets.
This to me sounds worth investigating. If you have correctly set up authentication
on the URL of your servlet, then succesfully authenticated requests
Is it possible to define an error page for the basic authentication? and
if yes, how/where? i have tried to define error-page for code 401, but
realized that i am using constraint on everything , thus i am guessing
that error page may be falling under the constraint as well. (not sure
about
Hi,
I have an atypical situation in that I am trying to auto login users from
another system (a Lotus Domino system) when they connect to my JSP
application. I am using Tomcat 4.1.18 and have form based authentication
working on it. I would prefer if the users did not have to explicitly
login
, 2003 12:46 PM
To: Tomcat Users List
Subject: Auto Login Using Form Based Authentication
Hi,
I have an atypical situation in that I am trying to auto login users from
another system (a Lotus Domino system) when they connect to my JSP
application. I am using Tomcat 4.1.18 and have form based
There are two problems with this:
1) Your Filter will not get called, since authentication happens before
Filters (you'd need to use a Valve, but then you are locked into Tomcat).
2) Unless you are using Tomcat 5.x nightly, Request attibutes won't be
available to the login-page for the simple
Can i define the error page for the basic authentication? amd if yes,
where? i have tried to define error-page for code 401, but realized that i
am using constraint on everything , thus i am guessing that error page may
be falling under the constraint as well. (not sure about that though
I'm running Tomcat 4.1.24 standalone with SSL client authentication
enabled.Internet Explorer 6.0 when I try to access the server pops up a
window that ask me which certificate will be used for client authentication,
but the list of certificates is empty!
I've tested my browser on apache
Is there anyone that have a running tomcat 4.1.24 standalone server with SSL
and clientAuth=true?
My current config doesn't work ( i.e. Internet Explorer doesn't display my
personal certificate, Mozilla displays an error message ).I tried with only
one SSL connector on port 443 and with also an
Andy
-Original Message-
From: Duma Rolando [mailto:[EMAIL PROTECTED]
Sent: 06 June 2003 11:31
To: Tomcat Mailing List
Subject: SSL client authentication with tomcat 4.1.24
Is there anyone that have a running tomcat 4.1.24 standalone server with SSL
and clientAuth=true?
My current config
on this kind of
setup.
- Original Message -
From: Bodycombe, Andrew [EMAIL PROTECTED]
To: 'Tomcat Users List' [EMAIL PROTECTED]
Sent: Friday, June 06, 2003 12:58 PM
Subject: RE: SSL client authentication with tomcat 4.1.24
You need to import your personal certificate into your browser.
In IE
[EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Sent: Friday, June 06, 2003 1:40 PM
Subject: Re: SSL client authentication with tomcat 4.1.24
I have already imported my certificate.This is correctly showed if I
connect
to an apache + mod-ssl server with SSLVerifyClient require directive
Duma,
the list of certificates is empty!
This means that you don't have client certificate in your client machine.
-Original Message-
From: Duma Rolando [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 05, 2003 9:31 AM
To: Tomcat Mailing List
Subject: SSL client authentication with IE 6.0
: Duma Rolando [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Sent: Friday, June 06, 2003 1:40 PM
Subject: Re: SSL client authentication with tomcat 4.1.24
I have already imported my certificate.This is correctly showed if I
connect
to an apache + mod-ssl server
I want apache to do basic authentication for my tomcat servlets.
I only want Tomcat to manage servlets - NO authorization.
How do I tell apache to do basic authentication when a servlet
is accessed??? I tried protecting the servlet directory in httpd.conf.
Help
valid-user
/Location
MUCH simpler than trying to set it up in Tomcat.
Tomcat Users List [EMAIL PROTECTED], [EMAIL PROTECTED] wrote:
I want apache to do basic authentication for my tomcat servlets.
I only want Tomcat to manage servlets - NO authorization.
How do I tell apache to do
Jerome,
No. No username (in /var/log/httpd/access.log) for the requests to
access pages served by my servlets.
This to me sounds worth investigating. If you have correctly set up authentication
on the URL of your servlet, then succesfully authenticated requests for this
URL should appear
All:
I am using CMA with Tomcat4/Apache1.3. I have a form-based login page
pointed at j_security_check. When a user submits the form the username and
password is shown in the statusbar of the browser. Also, there is a log
entry in the Apache logs that display this same URL that with
form ... method=post ...
-Original Message-
From: Vinh Tran [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 03, 2003 12:04 PM
To: [EMAIL PROTECTED]
Subject: Container Managed Authentication
All:
I am using CMA with Tomcat4/Apache1.3. I have a form-based login page
pointed
It's that simple!...you are kidding me!
Thanks Matt...I'll try it.
-Original Message-
From: Raible, Matt [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 03, 2003 2:08 PM
To: 'Tomcat Users List'
Subject: RE: Container Managed Authentication
form ... method=post ...
-Original
What should I put in the httpd.conf to make apache
do authentication before a servlet is accessed?
Here's what I tried:
Directory C:/Program Files/Apache Group/Apache2/Tomcat 4.1/webapps/stuff
AuthType Basic
AuthName stuff
AuthUserFile C:/Program Files/Apache Group/Apache2/conf/passwd
require
: authentication not
taken into account for webapps
Still stuck... Need help on how to debug authentication.
Morgan Pyne wrote:
Hi Jacob,
Hi Morgan,
The name is Jerome :) Jacob was a guy who replied to me!
I should have mentioned in my earlier post that the
tomcatAuthentication
Duh, I mean Jerome! Apologies - busy day in work as usual :-)
-Original Message-
From: Morgan Pyne
Sent: Monday, June 02, 2003 16:50
To: Tomcat Users List
Subject: RE: [Re-repost] tomcat/jk2/apache: authentication
not taken into account for webapps
Hi Jacob,
(got your name
Morgan Pyne wrote:
Hi Jacob^B^B^B^B^BJerome,
;)
Things to verify/try
1. The webserver has successfully authenticated the request, and you can see this
username appearing in the Apache access log. You mention that CGI's and other PHP pages
authenticate correctly, but verify that the URL
Hello, I have my tomcat behind IIS5 thru JK2 connector.
My tomcat has a form base authentication form.
The problem here is if my tomcat form base authentication fails, IIS pops up its own
diaglog window for another authentication.
How do I prevent this?
Regards
-Dan
On Sun, 1 Jun 2003 23:01, Dan Tran wrote:
Hello, I have my tomcat behind IIS5 thru JK2 connector.
My tomcat has a form base authentication form.
The problem here is if my tomcat form base authentication fails, IIS pops
up its own diaglog window for another authentication.
How do I prevent
Jason, thanks
I went to the connector virtual directory and unset the basic
authentication.
it works
Thanks for your advice
-Dan
- Original Message -
From: Jason Bainbridge [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Sent: Sunday, June 01, 2003 12:42 PM
Subject: Re: IIS
I am considering to implement a custom JDBCRealm.
It should make available a method such as
boolean authenticate(String username)
perhaps in a custom Principal class.
The method should log in (authenticate) the user and return true,
if user exists (with correct roles), false otherwise.
Can
I have set up form-based authentication on my web application, but am not seeing the
expected behavior.
I enter in a valid URL for my web application (which is set to be the root), e.g.
http://myserver:8080/Index.html
When I enter this URL, I am redirected to the Login.html page specified in my
Still stuck... Need help on how to debug authentication.
Morgan Pyne wrote:
Hi Jacob,
Hi Morgan,
The name is Jerome :) Jacob was a guy who replied to me!
I should have mentioned in my earlier post that the
tomcatAuthentication=false should only be part of the connector
definition
Hello
Let me preface by saying my knowledge and experience with seurity is
primitive.
I am now working on a project wherein we have a set of ASP pages with a
custom authentication process. I have embedded a servlet into one of
these asp pages but want to avoid making the user authenticate twice
we have a set of ASP pages with a
custom authentication process. I have embedded a servlet into one of
these asp pages but want to avoid making the user authenticate twice
(once for the ASP pages, once again to access the servlet).
To that end, I have been doing a lot of online research
Grab the pdf for the servlet-spec that you care about (TC3.3.x := 2.2,
TC4.1.x:= 2.3, TC5.x:= 2.4) and look at how to configure the
security-constraint element in your web.xml file. It offers something
close to Apache's .httpaccess.
Of course, the true masochists can set tomcatAuth=false on the
We have a mixed JSP / cgi-bin / perl environment. Currently we have
Apache doing authentication to get into the main web site and then from
there, we need additional authentication to get into JSP pages.
Currently there is no security for JSP pages so if someone browses to a
jsp page
We have a mixed JSP / cgi-bin / perl environment. Currently we have
Apache doing authentication to get into the main web site and then from
there, we need additional authentication to get into JSP pages.
Currently there is no security for JSP pages so if someone browses to a
jsp page
Hi Everybody,
Can anyone tell me how could I set up Tomcat (any version) to do the same
kind of user authenticate that you can do with Apache's .htaccess/.htpasswd?
I tried to find info about it, but the docs seem to focus on the servlet
container/JSP and not on static HTML page serving.
validates the client certs against the CA keystore in
$JAVA_HOME/jre/lib/security/cacerts.
Hope this helps,
Janne
- Original Message -
From: Mark W. Webb [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, March 28, 2003 11:04 PM
Subject: mutual SSL authentication
How can I set up SSL
,
Janne
- Original Message -
From: Mark W. Webb [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, March 28, 2003 11:04 PM
Subject: mutual SSL authentication
How can I set up SSL on tomcat 4.1 that will allow the server and client
to authenticate each other? from what I can tell, it looks
- Original Message -
From: Mark W. Webb [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Sent: Monday, March 31, 2003 4:54 PM
Subject: Re: mutual SSL authentication
Is there a way that I can have apache handle all of the SSL? This would
allow tomcat to only handle the servlet
Hi all,
I need to customize form-based authentication in Tomcat
so that I can have access to the user's session when
they are authenticated. I know I can write a custom
Realm class, but I don't see how I can get access to
the HttpServletRequest or HttpSession associated with
the request
How can I set up SSL on tomcat 4.1 that will allow the server and client
to authenticate each other? from what I can tell, it looks like the
SSL-HOWTO only addresses server authentication. I have this set up on
apache, would I be better off just running tomcat on top of apache?
thanks
of the doc's and the source code and pathed my
tomcat 4.1.x to change the ssl client auth behavior to mutual.
cu, joe
Mark Liu wrote:
Hi,
No, the Tomcat docs only says how to turn on the
*server* authentication, i.e., how to run Tomcat in
SSL mode. It does not mention how to have the client
first of all: use jdk1.4.x !!! i found a bug in the old implementatin.
if someone is interrested i can search in my archive to describe the bug.
here is how to patch the tomcat 4.1.x to handle to make client
authentication 'optional':
in the java class
801 - 900 of 1763 matches
Mail list logo
