:49
To: Tomcat Users List
Subject: Re: Tomcat SSL mutual authentication: Nobody's got a clue?
first of all: use jdk1.4.x !!! i found a bug in the old implementatin.
if someone is interrested i can search in my archive to describe the bug.
here is how to patch the tomcat 4.1.x to handle to make
authentication: Nobody's got a clue?
first of all: use jdk1.4.x !!! i found a bug in the old implementatin.
if someone is interrested i can search in my archive to describe the bug.
here is how to patch the tomcat 4.1.x to handle to make client
authentication 'optional':
in the java class
Here is some information I have put together on what I consider the best
practices for Tomcat Form Based Authentication. I look forward to your
comments and suggestions.
John
Best Practices for Tomcat v4.1 Form Based Authentication
John Swapceinski
Ordinate Corp.
[EMAIL PROTECTED
hi
after a tomcat authentication tomcat forwards the user to the page which
initially requested for the authentication.
but i want to forward all users to a certain page from where the user can
choose to do whatever they want regardless of the page which requested the
authentication. how can i
Hi,
I'm using Tomcat 4.1.18, Apache 1.3.27 and mod_jk as the connector. I want
to implement DIGEST authentication on tomcat. I implemented already the
BASIC authentication which is working fine. But if I want to change to
DIGEST it doesn't work anymore.
This is the contents of my web.xml
add this to the web.xml
error-page
error-code401/error-code
location/errorpage.jsp/location
/error-page
- Original Message -
From: Koes, Derrick [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, March 25, 2003 6:22 PM
Subject: Basic authentication question
I wish
-
From: Boon Seong [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 25, 2003 5:27 PM
To: Tomcat Users List
Subject: Re: Basic authentication question
add this to the web.xml
error-page
error-code401/error-code
location/errorpage.jsp/location
/error-page
- Original Message -
From
/login-config
- Original Message -
From: Koes, Derrick [EMAIL PROTECTED]
To: 'Tomcat Users List' [EMAIL PROTECTED]
Sent: Tuesday, March 25, 2003 6:31 PM
Subject: RE: Basic authentication question
Unfortunately, this does not work.
Tomcat seems to use 401 as a prompt to put up the basic
Sorry, it is a protected resource and I want to continue to use basic
authentication, not form authentication. I still don't see a way around the
problem.
The relevant part of my web.xml:
security-constraint
web-resource-collection
web-resource-namedora/web-resource-name
url
For over 1 week, I've been exploring about this. So
far, I got no reply. Is this so professional, so
tough that nobody's got a clue?
__
Do you Yahoo!?
Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop!
http://platinum.yahoo.com
That about sums it up. We are looking at client certs also.
The Tomcat docs say how to turn on client authentication, but
there is not much out there on hooking up to a CA and verifying
against a CRL.
All of that is beyond the scope of this list and dives deep into
the realm of JCE.
We
Hi,
No, the Tomcat docs only says how to turn on the
*server* authentication, i.e., how to run Tomcat in
SSL mode. It does not mention how to have the client
also pass over its certificate to the Web server.
You have an idea about how to turn on client cert?
--- Norris Shelton [EMAIL PROTECTED
redirector.
2) using IIS 5.0 and Windows 2000 Server
3) I have set the IIS security to NT Authentication.
The response variable that gets set is
authenticate
with a value of
TlRMTVNTUAADGAAYAFgYABgAcAgACABACAAIAEgIAAgAUACI
Server
3) I have set the IIS security to NT Authentication.
The response variable that gets set is
authenticate
with a value of
TlRMTVNTUAADGAAYAFgYABgAcAgACABACAAIAEgIAAgAUACI
BYKAoFMATwBMAE8ASABhAG4AcwBTAE8ATABPAOgkx0G8QbgJhRZRc0xo40R8cUWsA6X0SQ9M
Hi ,
Thanks for the help.
Correct if i am wrong ,but getRemoteUser() simply returns the REMOTE_USER
cgi header. In windows 2000 which uses kerberos authentication that value is
set to null when IIS is set to use NT authentication?
I was under the impression that I would need to somehow decode
I am running tomcat 4.1.18 in SSL mode on a Win2K
system.
And my Web server wants to parse the client's
certificate.
How can I configure Tomcat SSL to request the clientto
send its certificate?
Thanks.
__
Do you Yahoo!?
Yahoo! Platinum - Watch
hello all,
i am having trouble getting form based authentication working the way i would like. as
suggested by several threads in this group, i am trying to override the authenticate
of the FormAuthenticator so that i can set session data appropriately.
the problem i am having is that i am
Hi,
I am perplexed at this interesting problem. We want to use JDBCRealm to authenticate
users in Tomcat, but yet we want to serve static stuff via Apache to improve
performance. If we set up Tomcat as a worker for Apache using the JK2 connector, I
don't see how requests for static files are
20:08
To: [EMAIL PROTECTED]
Cc:
Subject: Can Tomcat do client certificate authentication ?
Within our company we've decided to use client certificates for security.
I've spent all week trying to get this working on Tomcat. If the client and
server are on the same machine it's easy. But how
Correct. Tomcat can't do client authentication. For this, you have to implement
a Realm (JDBCRealm, JNDIRealm, etc) and you realize the authentication.
See http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html
-
At 08:52 17/03/2003 +, you wrote
Hi
I have a JNDIRealm with certificate authentication. When the user cancel the
authentication he see a error page: Cancelled Action.
How can I include my own error page when the user cancel the certificate
authentication??
Regards
Hello,
I'm using tomcat as an in-process servlet-engine in an apache server.
Everything works fine execpt the authentication. I've configured the
authentication to do Access-control based on the system-users and
passwords. This works fine for static pages, served by appache, but the
access
(X509CertImpl.java:1608)
at sun.security.x509.X509CertImpl.init(X509CertImpl.java:286)
... 13 more
Apache seems OK (no error in error_log or catalina_log) and I seem to
go through the authentication process OK. I have no idea what this error
means, since my only theory that the browser cert
Hello,
I'am trying to authenticate an user with tomcat/SSL and using FORM realm.
Now I can't use the SSL only when the user give his password.
Is it possible?.
Thank you
___
Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français !
Title: RE: JK + client authentication: getRemoteUser() returns null
Finally found the problem.
I started with JK, and added the /examples section from the auto-generated mod_jk.conf to my httpd.conf:
Alias /examples C:/...
Directory C:/...
...
/Directory
When I switched to JK2, I
Users List'
Subject: RE: JK + client authentication: getRemoteUser() returns null
a) My apologies. I certainly try to send plain text, but Outlook has a
mind of its own, however tiny it may be. I think I've now beaten it into
submission.
b) I'll give it a try. From what I've seen mentioned of jk2
Title: RE: JK + client authentication: getRemoteUser() returns null
I've built jk2 2.0.2 against Apache 2.0.44, run it with Tomcat 4.1.18, and still get exactly the same results: everything seems to work except for getRemoteUser() still returning null.
There is an entry [error] mod_jk child
in these docs, but this installation works for me so maybe it
could help someone.
[EMAIL PROTECTED]
-Original Message-
From: Robert Biernat [mailto:[EMAIL PROTECTED]
Sent: 11. mars 2003 00:26
To: 'Tomcat Users List'
Subject: RE: JK + client authentication: getRemoteUser() returns null
Hello.
I try to set up the following features :
- Client authentication using client SSL certificates
- Client authorization using the JNDI realm, against an iPlanet LDAP
directory
I first tested a simpler configuration using the LDAP realm with BASIC
authentication, and it works fine. The realm
, by many people,
search archives for tomcatAuthentication..
Saludos,
Ignacio J. Ortega
-Original Message-
From: Mayne, Peter [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 11, 2003 2:27 AM
To: 'Tomcat Users List'
Subject: RE: JK + client authentication: getRemoteUser() returns null
Title: RE: JK + client authentication: getRemoteUser() returns null
I've reverted to Tomcat 4.0.6, I'm using mod_jk that I've built myself against Apache 2.0.44, and I'm using Ajp13Connector, but getRemoteUser() still doesn't work, and I'm tearing my hair out.
Server.xml contains
Title: RE: JK + client authentication: getRemoteUser() returns null
a) My apologies. I certainly try to send plain text, but Outlook has a mind of its own, however tiny it may be. I think I've now beaten it into submission.
b) I'll give it a try. From what I've seen mentioned of jk2, it's
Hello,
I am using Apache 1.3.26 on IBM AIX
I want to implement Basic Authentication on Apache (Ref: htpasswd)
I have 2 users with their respective directories:
-
USER NAME HOME DIR public_html
Title: JK + client authentication: getRemoteUser() returns null
I'm using
Windows XP
Apache 2.0.44
OpenSSL 0.9.7a
mod_jk-2.0.43.dll
Tomcat 4.1.18
I've followed the instructions at http://www.johnturner.com/howto/winxp-howto.html to set up Apache and Tomcat using JK, with authentication
you are correct, there is a bug filed for this,
Bugzilla Bug 11563
not sure anyone is dealing with it though,
Filip
-Original Message-
From: Mayne, Peter [mailto:[EMAIL PROTECTED]
Sent: Monday, March 10, 2003 4:01 PM
To: Tomcat Users List
Subject: JK + client authentication
that is
holding me back from deployment of 4.1.18 to production.
Rob
-Original Message-
From: Filip Hanik [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 11 March 2003 11:12 AM
To: Tomcat Users List
Subject: RE: JK + client authentication: getRemoteUser() returns null
you are correct, there is a bug
add
request.tomcatAuthentication=false
to jk2.properties
Saludos,
Ignacio J. Ortega
-Original Message-
From: Filip Hanik [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 11, 2003 1:12 AM
To: Tomcat Users List
Subject: RE: JK + client authentication: getRemoteUser() returns null
Title: RE: JK + client authentication: getRemoteUser() returns null
Thanks to both of you. I suppose I won't be holding my breath. :-\
I'll try using the Ajp13Connector.
PJDM
--
Peter Mayne
Technology Consultant
Spherion Technology Solutions
Level 1, 243 Northbourne Avenue, Lyneham, ACT
Title: RE: JK + client authentication: getRemoteUser() returns null
add ... to jk2.properties
jk2, even though I'm using jk?
Anyway, I tried it and it still didn't work.
Thanks anyway.
PJDM
--
Peter Mayne
Technology Consultant
Spherion Technology Solutions
Level 1, 243 Northbourne
Title: RE: JK + client authentication: getRemoteUser() returns null
I just looked through the 4.1.21-beta release notes: it doesn't appear to be fixed there either.
Who do we have to bribe around here? :-)
PJDM
--
Peter Mayne
Technology Consultant
Spherion Technology Solutions
Level 1
I'm using Tomcat 4.1.18 standalone. We need client certificates to work
across all our platforms. With Microsoft its easy, with Tomcat we just can't
seem to do it.
We've looked at many different methods of security. Basic Authentication is
OK if we use it with HTTPS, but doesn't seem to be very
Hi,
how can i configure tomcat to get client authentication just for one
specified context?
Example:
https://localhost/withClientAuth
https://localhost/noClientAuth
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional
How do you configure Tomcat to do client authentication at all ? How do use
specify the truststore on the Tomcat server ?
-Original Message-
From: Mario Ivkovic [mailto:[EMAIL PROTECTED]
Sent: Sat 08/03/2003 11:21
To: [EMAIL PROTECTED]
Cc:
Subject: Client Authentication
Hi,
how
=org.apache.catalina.net.SSLServerSocketFactory
clientAuth=true protocol=TLS /
/Connector
-Ursprngliche Nachricht-
Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Gesendet: Samstag, 8. Mrz 2003 12:32
An: [EMAIL PROTECTED]
Betreff: RE: Client Authentication
How do you configure
Have you got it working across more than one box, or is client and server on
the same machine ?
-Original Message-
From: Mario Ivkovic [mailto:[EMAIL PROTECTED]
Sent: Sat 08/03/2003 12:08
To: 'Tomcat Users List'
Cc:
Subject: AW: Client Authentication
I just uncomment
Have you got it working across more than one box?
Yes
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
How about Digest authentication ?
On Sat, 2003-03-08 at 15:19, [EMAIL PROTECTED] wrote:
I'm using Tomcat 4.1.18 standalone. We need client certificates to work
across all our platforms. With Microsoft its easy, with Tomcat we just can't
seem to do it.
We've looked at many different methods
We can't use digest authentication, as we have to store our passwords
encrypted.
-Original Message-
From: Tarun Ramakrishna Elankath [mailto:[EMAIL PROTECTED]
Sent: Sat 08/03/2003 14:19
To: [EMAIL PROTECTED]
Cc:
Subject: RE: Can Tomcat do client certificate authentication ?
How
Hello
I'm using form authentication and a JDBCRealm for a tomcat/jsp application.
When I request a restricted page, I get my login page. When I try to log in
with incorrect username/password, I get the error-page. But when I log in
with correct username/pass, I get a blank screen and am
Within our company we've decided to use client certificates for security.
I've spent all week trying to get this working on Tomcat. If the client and
server are on the same machine it's easy. But how do I do it if the client
is on a different machine ? I can get SSL working on HTTPS no problem,
Hello,
I am using Apache 1.3.26 on IBM AIX
I want to implement Basic Authentication on Apache (Ref: htpasswd)
I have 2 users with their respective directories:
-
USER NAME HOME DIR public_html
The choice of going to SSL-CERT auth puts a huge burden on your IT staff.
You've got to collect all of your client's certs, and manage them (including
renewals, revocations, et. al.). Except for small closed-groups, it is
almost always not worth the trouble.
Which headaches you want really
Hi,
I apologise for cross-posting - I'm really not sure which component is at
fault, looks like mod_ssl but possibly mod_jk. BTW, is there a list (or some
other venue) dedicated to mod_jk?
My environment is Apache 1.3.22, mod_ssl 2.8.5, OpenSSL 0.9.6b, tomcat 4.0.3.
I have a servlet mounted like
I realised that I included irrelevant log snipet from the SSL log. Please
see the correction below.
Aaron Stromas said:
Hi,
I apologise for cross-posting - I'm really not sure which component is
at fault, looks like mod_ssl but possibly mod_jk. BTW, is there a list
(or some other venue)
Hi,
If somebody has a working client SSL authentication for Apache 1.3.*,
mod_ssl/mod_jk, i.e., ajp mounts that require client certificate
(SSLVerifyClient require), I'd be very grateful to see the appropriate
pieces of configuration files. Thank you.
-a
--
Aaron Stromas | Tik-tik-tik
Hello,
im using tomcat 4.1.18 on WinXP with MemoryRealm based CLIENT CERT
AUTHENTICATION and want to use LDAP- or JDBCRealm for client authentication.
Password authentication works on both, LDAP(openLDAP) and DB(MS SQL7).
Did someone managed to setup this authentication method with mentioned
Hi.
Can I use two Realms for client authentication?? I would like to define a
set of servlets that uses a Realm and another set of sevlets that uses
another Realm. Can I make this??
Regards.
-
To unsubscribe, e-mail: [EMAIL
On 2/28/2003 at 5:25 PM Gil wrote:
Can I use two Realms for client authentication?? I would like to define a
set of servlets that uses a Realm and another set of sevlets that uses
another Realm. Can I make this??
In the same webapp? I don't think so. I think you have a few choices:
1. split
Hi.
Can I use two Realms for client authentication?? I would like to define a
set of servlets that uses a Realm and another set of sevlets that uses
another Realm. Can I make this??
Regards.
-
To unsubscribe, e-mail: [EMAIL
Hi
In tomcat user xml file I have given password= .
While entering the application its not allowing me to log in if i
dont give any password(blank password).
It works if I give i some value in user xml file
password=xyz...
Is it that null values are not allowed or i am doing something
wrong
Hello:
Does anyone here has LDAP authentication set up through a JNDIRealm in server.xml and
could send me a sample server.xml for me to look at?
Thanks!
MC
List'
Subject: LDAP Authentication
Hello:
Does anyone here has LDAP authentication set up through a JNDIRealm in
server.xml and could send me a sample server.xml for me to look at?
Thanks!
MC
-
To unsubscribe, e
PROTECTED]
To: 'Tomcat Users List' [EMAIL PROTECTED]
Sent: Tuesday, February 25, 2003 9:57 AM
Subject: RE: LDAP Authentication
Here's what I have in my context to make it work:
Realm className=org.apache.catalina.realm.JNDIRealm debug=99
connectionName=cn=Manager,dc=raibledesigns,dc=com
I have the following security role in my web.xml file:
security-role
descriptionRole to allow authentication/description
role-nameAdministrator/role-name
/security-role
In my JDBCRealm, I have role_name defined for the user as:
USERID ROLENAME
On Tue, 25 Feb 2003, Raible, Matt wrote:
The reason I ask this is b/c I'm developing a menu application that filters
on roles and hides/shows menus based on a role name. What should I do to
mimic Tomcat's behavior? Should I do an toUpperCase on the rolename and
database role?
What does
Tomcat is case sensitive everywhere except where the servlet
spec says it
is explicitly not case sensitive (such as request.getHeader()). That
includes things like matching role names.
So you're saying that matching role names is NOT case sensitive. I'm
guessing this from my own
Howdy,
Tomcat is case sensitive everywhere except where the servlet
spec says it
is explicitly not case sensitive (such as request.getHeader()). That
includes things like matching role names.
So you're saying that matching role names is NOT case sensitive. I'm
guessing this from my own
On Tue, 25 Feb 2003, Raible, Matt wrote:
Date: Tue, 25 Feb 2003 13:59:20 -0700
From: Raible, Matt [EMAIL PROTECTED]
Reply-To: Tomcat Users List [EMAIL PROTECTED]
To: 'Tomcat Users List' [EMAIL PROTECTED]
Subject: RE: Authentication and Roles - case sensitivity
Tomcat is case sensitive
Hi ,
I can use java to connect to apache server via SSL without client
authentication.
Just use
System.setProperty(java.protocol.handler.pkgs,com.sun.net.ssl.internal.ww
w.protocol);
In trying to connect to the apache via SSL with client authentication, I do
the following:
Using keytool, I
Subject: Re: Web browser authenticates to Tomcat Server using Client SSL
authentication
Kwan Hon Luen [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Hi ,
Have configured Tomcat to use SSL with client authentication set to
true.
Have imported client (which is the web browser IE
Hi ,
Have configured Tomcat to use SSL with client authentication set to true.
Have imported client (which is the web browser IE) certificate to tomcat
server keystore.
But when I use IE to connect to Tomcat, it pops up a message box saying The
Web site you want to view requests identification
Kwan Hon Luen [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Hi ,
Have configured Tomcat to use SSL with client authentication set to true.
Have imported client (which is the web browser IE) certificate to tomcat
server keystore.
But when I use IE to connect to Tomcat, it pops up
How can I declare an LDAP datasource in the server.xml file without the need
to use it for authentication. The documentation I have read so far assumes
that I am using LDAP for authentication. When looking at the datasources
section of the JNDI docs, it assumes a relational database. Can
: Thomas Muller [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, February 17, 2003 3:50 PM
Subject: Tomcat 3.2.1: Basic authentication and Win 2000
Hi,
When I try to apply basic authentication to an area, Win 2000 pops up with
a
login dialog that requires windows credentials (or something
I have form-based authentication set up far enough that
if I request a protected resource, Tomcat redirects me
to the login page. When I submit the login page to
j_security_check, Tomcat gives me this 500 error:
No Context configured to process this request
The server encountered an internal
Hi,
When I try to apply basic authentication to an area, Win 2000 pops up with a
login dialog that requires windows credentials (or something). It seems like
Windows refuses do allow Tomcat to do authentication alone. Without any
knowledge of Tomcat internals, I guess it's the AccessInterceptor
Hi all
I am having a strange problem with authentication. If a user tries to
login to the web site access is sometimes denied at first (this is not a
mis-typed password). Going back to the login page and typing the same
username + password again works??
Did anyone have a similar problem? Any
]]
Sent: 14 February 2003 04:08
To: Tomcat Users List
Subject: Re: Tomcat 4.1.12 Form authentication with IIS 5
What happens when you move your form-login-page outside of the /admin/
folder?
Sean Dockery
[EMAIL PROTECTED]
Certified Java Web Component Developer
Certified Delphi Programmer
SBD
Hi everyone !
I have a problem with Java Web Start (1.0.1) and Tomcat (4.0.4).
I'm trying to call my application via Web server Tomcat with
restricting access.
My configuration is the following :
The deployment descriptor web.xml is:
?xml version=1.0 encoding=ISO-8859-1?
Hi everyone !
I have a problem with Java Web Start (1.0.1) and Tomcat (4.0.4).
I'm trying to call my application via Web server Tomcat with
restricting access.
My configuration is the following :
The deployment descriptor web.xml is:
?xml version=1.0 encoding=ISO-8859-1?
I have a web-app configured to use form based authentication. The login
works fine when I go directly to Tomcat using port 8080. When I try to
go through IIS, I don't even get the login page. I get a tomcat error
page 403 - Access to the requested resource has been denied.
I can get to all
Hi,
I'm using Tomcat 4.1.12 with IIS 5. When I connect directly to
http://localhost:8080/HP/admin/ the Tomcat FORM authentication works fine,
but when I try to connect to http://localhost/HP/admin I get the following
error:
HTTP Status 403 - Access to the requested resource has been denied
Although it may not address the specific requests made on this list, I found an
article about form-based authentication that could be useful. Here it is:
http://www.onjava.com/pub/a/onjava/2002/06/12/form.html
Regards.
Carlos
]
To: [EMAIL PROTECTED]
Sent: Thursday, February 13, 2003 06:11
Subject: Tomcat 4.1.12 Form authentication with IIS 5
Hi,
I'm using Tomcat 4.1.12 with IIS 5. When I connect directly to
http://localhost:8080/HP/admin/ the Tomcat FORM authentication works fine,
but when I try to connect to http
private adress.
i would like to have a setting in the server.xml:
clientAuthOptional = true/false
that would be nice!
Tomcat User wrote:
Hi all.
I work with secure applications (Tomcat 4.1.18 with SSL + client
authentication using certificates) and I would like to have client
authentication
Very thanks for your help. The patch does work fine but I would like to
have optional client authentication for obtaining security constraints (the
CLIENT-CERT authentication method). How I can optional client
authentication for directories/servlets??
In JSSESocketFactory I change
On Wed, 12 Feb 2003, Soefara Redzuan wrote:
Date: Wed, 12 Feb 2003 14:38:22 +0800
From: Soefara Redzuan [EMAIL PROTECTED]
Reply-To: Tomcat Users List [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: How to write custom authentication method forTomcat as well as
weblogic/orion
From: Craig R. McClanahan [EMAIL PROTECTED]
Whilst Tomcat's JDBC Realm's are easy to set up and get working,
(http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html), I'm
wondering how easy it might be to write our own authentication mechanism
using Filters ?
You might want
Manuel Gil Perez [EMAIL PROTECTED] wrote in message
5.2.0.9.0.20030210123926.00ba8310@localhost">news:5.2.0.9.0.20030210123926.00ba8310@localhost...
Hi all.
Currently (in Tomcat 4.1.18), is CLIENT-CERT authentication method defined
within Realm??
Yes.
Regards.
--
logi
Hi all.
I work with secure applications (Tomcat 4.1.18 with SSL + client
authentication using certificates) and I would like to have client
authentication optional because in server.xml file the client
authentication is obligatory or not (clientAuth = true or false).
How I can resolve my
Whilst Tomcat's JDBC Realm's are easy to set up and get working,
(http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html), I'm
wondering how easy it might be to write our own authentication mechanism
using Filters ? There are a few reasons for this,
1) We'd like a security mechanism
To: [EMAIL PROTECTED]
Subject: Re: DataSourceRealm, Exception performing authentication ?
Did you declare the Realm after your Resource or before it?
--
Sean Dockery
[EMAIL PROTECTED]
Certified Java Web Component Developer
Certified Delphi Programmer
SBD Consultants
http://www.sbdconsultants.com
Uros
Hi all.
Currently (in Tomcat 4.1.18), is CLIENT-CERT authentication method defined
within Realm??
Regards.
--
login-config
auth-methodCLIENT-CERT/auth-method
realm-nameOnJava Application/realm-name
/login-config
performing
authentication
javax.naming.NameNotFoundException: Name jdbc is not bound in this
Context
at
org.apache.naming.NamingContext.lookup(NamingContext.java:811)
at
org.apache.naming.NamingContext.lookup(NamingContext.java:194
rceRealm :
2003-02-08 15:35:06 DataSourceRealm[/testapp]: Exception performing
authentication
javax.naming.NameNotFoundException: Name jdbc is not bound in this
Context
at
org.apache.naming.NamingContext.lookup(NamingContext.java:811)
at
org.apache.naming.NamingContext.lookup(NamingContext.
Hi all.
Currently, I have a secure web application with Apache + mod_ssl and it
does work fine. I would like change to Tomcat with security constraints for
directories (with client authentication). For this, I would like to protect
a resource with a MemoryRealm. I'm following these steps:
1
everything working, it is authenticating the
manager app against the database fine now, and the lower level authentication works as
well, I am not sure which realm is being used where, I am going to create a new
database and see that it is working right.
Thanks for the reply!!
Geoff
-Original
ysically have to reside inside the context tag? (do I
have to put a /context on after the realm)? I manager to get everything
working, it is authenticating the manager app against the database fine now,
and the lower level authentication works as well, I am not sure which realm
is being used where, I
A small problem here, can't seem to figure out why.
In the following server.xml, if I remove the context level realm, the authentication
fails against the database (I can connect on startup, but I cannot authenticate to
access the manager or admin applications). However, if I put the context
, but does not restrict security. The .htaccess file is set
to require basic authentication, and does so for an html file in the webapp
directory. However, if I try to serve a JSP page, the Basic Authentication
window pops up, and if I hit cancel, I STILL get served the JSP. The exact
same symptoms
901 - 1000 of 1763 matches
Mail list logo
