Hello,
I work with Tomcat 4.1.24 and I have a problem with authentication (I use
DataSourceRealm) at runtime.
On login page, if I enter login - password existing in database with the rigth role to
access to the specified ressource it is OK
(the targeted page is displayed).
The problem happens
c. So if I put *.doc, it will
block all doc files.
BTW, /document/*.doc never work. You still can get doc file under
document without authentication window pop-up. The only way to block doc
file is to put *.doc between and . It is not
right as what many tomcat documents state, is it?
-Daniel
try /document/* as the url-pattern or /document/*.doc if you want the .doc files under
/document to be protected ...
-Original Message-
From: Daniel Zhang [mailto:[EMAIL PROTECTED]
Sent: 22. juli 2003 14:48
To: Tomcat Users List
Subject: Basic Authentication not work for directory
Hi
Hi, all -
I've configured Tomcat 4.1.18 on RH Linux 8 server. Then I need some
authentication for certain
directories under webapps. So I configured server.xml, web.xml and
tomcat-users.xml creating a
role and its username with password. It works only for individual file
with an exte
Hi
I have successfully setup Tomcat with SSL and client authentication, and I
have successfully identified myself to the web application using a browser
certificate. But when I access a port with client authentication enabled
WITHOUT sending a certificate, I receive an error from Tomcat. I would
I add a new page.
-Original Message-
From: Murray [mailto:[EMAIL PROTECTED]
Sent: Thursday, 17 July 2003 09:57
To: [EMAIL PROTECTED]
Subject: Authentication by role
I am trying to control access to web pages using a list of authorised roles.
The model would have each page in the secure are
to
the page, the page will be displayed otherwise an error message will appear
and, ideally, the user will be offered the opportunity to log on again in
case the browser has been shared between different users.
I'm using a JDBC realm with a user and a role table. Authentication of the
user
Hello,
I'm trying to get Tomcat 4.1.24 working with CLIENT-CERT authentication and
am having some difficulty. Would someone please assist me? Thanks in
advance ..
I have performed the following steps:
1. Using keytool I created a keystore named server.keystore to contain the
s
I can use Basic auth, and FORM-based auth,using the UserDatabaseRealm, with no
problem. But when I try to use DIGEST, like this:
DIGEST
UserDatabase
...etc
Tomcat obviously recognizes the keyword, because I get prompted by a different type of
screen from IE. But I can';t authentic
How about asking the php folks?
If this were java - just use HttpClient from jakarta-commons.
-Tim
bin cai wrote:
Hi,
In client side i wrote a php script trying to invoke a cgi script in web server
$fp = fsockopen (http://webserver, 80, $errno, $errstr, 30);
if (!$fp) {
echo "$errstr ($er
Muhammad Bilal wrote:
I want to have a synchronization between the authentication stuff. Like,
I have a web site, and every user has some role, and every user can
access some protected resource based on his role. Now I want to use JDBC
realm for this purpose with Form auth. so that user logs
I assume you are using Basic AUTH here, right? Then send the
username/password combo like this..
http://myusername:[EMAIL PROTECTED]/
Obviously, this kind of puts the username/password combo out there is clear
text for all to see. However, that happens even with normal Basic
AUTH. Base64 en
Hi,
In client side i wrote a php script trying to invoke a cgi script in web server
$fp = fsockopen (http://webserver, 80, $errno, $errstr, 30);
if (!$fp) {
echo "$errstr ($errno)\n";
} else {
fputs ($fp, "GET /bintest.cgi?" HTTP/1.0\r\nHost:http://webserver\r\n\r\n";);
}
The web se
I want to have a synchronization between the authentication stuff. Like, I
have a web site, and every user has some role, and every user can access
some protected resource based on his role. Now I want to use JDBC realm for
this purpose with Form auth. so that user logs into the site only once
Does anyone know if it is possible to have a FORM-based authentication with webdav
servlet (which is open as a "web folder").
I have tried, but unsuccessfully. If a servlet runs in a regular way (HTTP://),
the form log-in page is displayed. However, if the webdav servlet i
Mike Curwen wrote:
The problem is in the error message:
Invalid direct reference to form login page
In brief: With container-based auth, when a user attempts to access a
protected resource, the container will 'remember' which resource they
tried to access, and send them off to the form login page,
ay, July 10, 2003 4:00 AM
> To: [EMAIL PROTECTED]
> Subject: Tomcat: j_security_check: Form Authentication
>
>
> Hi,
>
> I am using Form Authentication with Tomcat 4.1.18. Every thing seems
> working, when I try to access a protected resource directly,
> it takes me
I just started trying to use Form AUTH and JDBCRealm a couple days ago, and I am seeing the exact same behavior.
Muhammad Bilal wrote:
Hi,
I am using Form Authentication with Tomcat 4.1.18. Every thing seems
working, when I try to access a protected resource directly, it takes me
to the
Hi,
I am using Form Authentication with Tomcat 4.1.18. Every thing seems
working, when I try to access a protected resource directly, it takes me to
the login.jsp and if enter correct user/password it logs me in and takes to
protected resource. But if I try to go to login.jsp first and enters
Use SSL with Form Based AUTH.
Then all traffic is SSL protected.
Dave Naden wrote:
I can set up Tomcat's authentication fine, either basic (or digest) or form-based. Everything I read seems to prefer form-based, because you can customize the screen. However, basic as least encrypts the u
Basic authentication is so weak that it is the equivalent of cleartext. If
security of a password is an issue, use SSL.
-Tim
Dave Naden wrote:
I can set up Tomcat's authentication fine, either basic (or digest) or form-based. Everything I read seems to prefer form-based, because yo
I can set up Tomcat's authentication fine, either basic (or digest) or form-based.
Everything I read seems to prefer form-based, because you can customize the screen.
However, basic as least encrypts the userID/password, and digest does that even
better. But form-based just sends these
Using tomcat 4.1.24, it appears that if using Basic
authentication and a user enters a valid username but
an invalid password, access to the restricted page is
forbidden from then on (403 error code is returned all
the time).
User is never given a second chance at typing the
username and password
r.
> -Original Message-
> From: Maurice Coyle - Sun Microsystems Ireland
[mailto:[EMAIL PROTECTED]
> Sent: Tuesday, July 01, 2003 10:29 AM
> To: [EMAIL PROTECTED]
> Subject: RE: FORM-based ldap authentication problem
>
> i'm pretty sure the j_username is
i'm pretty sure the j_username is the logical attribute name for the uid. the
container manages the internals of the authentication. is this what you meant?
i wouldn't consider myself any sort of authority on the j_* attributes, i just
tried them and they worked. i suspect that t
essage-
> From: Maurice Coyle - Sun Microsystems Ireland
[mailto:[EMAIL PROTECTED]
> Sent: Tuesday, July 01, 2003 10:07 AM
> To: [EMAIL PROTECTED]
> Subject: RE: FORM-based ldap authentication problem
>
> by all means. there's 4 basic steps to this:
>
> 1. in server.
FORM-based ldap authentication problem
by all means. there's 4 basic steps to this:
1. in server.xml paste the following (replace with the url
of the
ldap server and you'll probably have to change the userBase bit too) to
tell
tomcat where to go to authenticate:
/login.jsp
/login_error.jsp
3. create login.jsp and login_error.jsp and put them in the web-app's document
root
login.jsp must include the form with the j_* fields as in the skeleton form
below:
LDAP Authentication
Enter UserId
I've been trying to get form-based ldap authentication workingbut no
luck.do you think
i could see some sample code?
Russ
-Original Message-
From: Maurice Coyle - Sun Microsystems Ireland [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 01, 2003 12:50 PM
To: [EMAIL PROT
hi all,
i've implemented form-based ldap authentication on my tomcat server. it works
fine in general but from time to time when i enter my ldap username and
password, i get a blank page with j_security_check in the location field. if i
reload the page, i get the login_error.jsp page and
when using tomcat authentication realms;
if the login page is "login.jsp" and if a user directly access this page and
tries to login , tomcat returns the error given below. i need to catch this
and handle it. specifically, where is the forwarding page reference stored?
in the users ses
Hi
I am trying to make a filter that will redirect all request that don't have a
autheticated attribute set, to be redirected to the login page.
Somehow my filter does not work properly even though it still is a very basic
implementation that
does nothing besides a few system out prints.
The
there's another, more elegant way to do this, I'd love to see an
explanation of it and the rationale for it.
John
On Mon, 30 Jun 2003 10:45:41 -0400, Kevin Andryc <[EMAIL PROTECTED]>
wrote:
Hi all,
In a previous project, I decided to use Tomcat authentication and just
had nigh
Hi all,
In a previous project, I decided to use Tomcat authentication and just
had nightmarish troubles. Telling people they couldn't bookmark the logon
page just isn't a solution. Plus, many people had serious problems trying to
login. They would enter in their user name and
Hi Bill & Everyone else,
> For JSSE, you need to have the signer in cacerts at the moment for
> Tomcat to include it in the list of signers it wants. PureTLS allows
> you to configure the list (without being root), but other problems
> mean that you can only use it in TC 5 HEAD at the moment.
>
>
ERROR:
There is no such list CERTIFICATES here.
SOLUTION:
Send a message to [EMAIL PROTECTED] with a subject
of 'info' (no quotes) for a list of available mailing lists.
--
Sincerely, the Minimalist
-
To unsubscribe
lain what I am
> doing wrong with regards to the introduction of client certificates
> being used as a means for authentication under Tomcat v4.1.24 under
> Solaris 8, JDK 1.4.1_02.
>
> I have established my own little CA using OpenSSL 0.9.7b and have
> generated my own self-signed
Hi!,
I was wondering whether somebody might be able to explain what I am
doing wrong with regards to the introduction of client certificates
being used as a means for authentication under Tomcat v4.1.24 under
Solaris 8, JDK 1.4.1_02.
I have established my own little CA using OpenSSL 0.9.7b
Hi gurus,
i am needing some help to choose any kind of external component or even
framework solution which allow my system' s user policies to be stored.
This policy is very simple:
- some users ( not groups of them!) will have permition to some system's
funcionalities
- they should have passwords
ve it read the
Client-Cert at all.
>
> Currently this is not a plug and play solution.
>
> Mario
>
> - Original Message -
> From: "Chuck Ruffing" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, June 23, 2003 6:59 PM
> Subjec
should all deal with the same
security
role. How can I configure Tomcat, that the user doesn't have to type the
same
user-password-combination each time when he follows a link from one
application to an other? (a kind of SRV.12.6, Server Tracking of
Authentication
Information)
Thanks for
link from one
application to an other? (a kind of SRV.12.6, Server Tracking of Authentication
Information)
Thanks for help,
Jimm
--
+++ GMX - Mail, Messaging & more http://www.gmx.net +++
Bitte lächeln! Fotogalerie online mit GMX ohne eigene
Message -
From: "Chuck Ruffing" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, June 23, 2003 6:59 PM
Subject: Configuring SSL and LDAP authentication for Apache 1.3 and Tomcat
4.1
> Hi,
>
> I have Apache 1.3, Tomcat 4.1, and mod_jk installed and
Hi,
I have Apache 1.3, Tomcat 4.1, and mod_jk installed and working together. I was able
to configure Apache to use SSL. Now, I am required to check the client certificate
that Apache receives against an LDAP directory on a different server to authenticate
the user. Could somebody please he
I have a box where Apache's basic authentication is working fine, via
directives in httpd.conf or an .htaccess file in the selected directory.
However, when the selected directory is located under the webapp context
directory, Apache serves it up without any prompting for any username
and pas
tell me what exactly is Digital key
authentication.(because we use certificates for
authentication. Does this means authenticating users
against LDAP also?)
Any help would be greatly appreciated. Thanks in
advance..
naveen
Hi,
I am facing this problem.
The Form Based Realm Authentication is not able to recreate the original post
request.
To recreate the problem:
-Request a page protected with Form Based authentication.
-Login to the application.
-Stop at a page which has a form with method "POST", ti
Hello,
What a relief!!
And I've seen that the patch for this bug is a one-liner... I will try
to backport it to the stock 4.1.24 we were willing to use.
Do you have an idea of the approx. release date for 4.1.25?
Thank you very much for your help.
Antonio Fiol
Bill Barker wrote:
It's a know
It's a known problem. See http://nagoya.apache.org/bugzilla/show_bug.cgi?id=15790 for
more details. It is fixed in the CVS, and so will work in 4.1.25.
"Antonio Fiol Bonnín" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
> Hello,
>
> I have been struggling with a strange problem:
Hello,
I have been struggling with a strange problem:
Using Apache Web server (1.3.23 - 1.3.26, not tested others).
Using mod_jk (EAPI version, recent download).
On a Linux machine.
Using tomcat 4.1.24
Both on solaris and on Linux.
When Apache is configured with
SSLClientVerify optional
or
SSLCli
We've had an Apache 1.3.26 / Tomcat 4.0.3 configuration for load balancing and the
authentication was using the apache htaccess method, it has been working fine.
After I upgraded to Tomcat 4.1.24 ( I didn't make any changes to the apache), I am
having problems with the authenticat
gt; > Hi Bill and Matt,
> >
> >> There are two problems with this:
> >> 1) Your Filter will not get called, since authentication happens before
> >> Filters (you'd need to use a Valve, but then you are locked into
Tomcat)
> >> . 2) Unless you are using
0, vtobin <[EMAIL PROTECTED]> wrote:
Hi Bill and Matt,
There are two problems with this:
1) Your Filter will not get called, since authentication happens before
Filters (you'd need to use a Valve, but then you are locked into Tomcat)
. 2) Unless you are using Tomcat 5.x nightly, Request
Hi Bill and Matt,
> There are two problems with this:
> 1) Your Filter will not get called, since authentication happens before
> Filters (you'd need to use a Valve, but then you are locked into
> Tomcat). 2) Unless you are using Tomcat 5.x nightly, Request
> attibutes won&#
> 1) Your Filter will not get called, since authentication happens before
> Filters (you'd need to use a Valve, but then you are locked into Tomcat).
In my experience, and my current working app, this is not the case. The
following code works for me in a filter (mapped to /*) to a
There are two problems with this:
1) Your Filter will not get called, since authentication happens before
Filters (you'd need to use a Valve, but then you are locked into Tomcat).
2) Unless you are using Tomcat 5.x nightly, Request attibutes won't be
available to the login-page for
y, June 10, 2003 12:46 PM
To: Tomcat Users List
Subject: Auto Login Using Form Based Authentication
Hi,
I have an atypical situation in that I am trying to auto login users from
another system (a Lotus Domino system) when they connect to my JSP
application. I am using Tomcat 4.1.18 and have
Hi,
I have an atypical situation in that I am trying to auto login users from
another system (a Lotus Domino system) when they connect to my JSP
application. I am using Tomcat 4.1.18 and have form based authentication
working on it. I would prefer if the users did not have to explicitly
login
Is it possible to define an error page for the basic authentication? and
if yes, how/where? i have tried to define error-page for code 401, but
realized that i am using constraint on everything , thus i am guessing
that error page may be falling under the constraint as well. (not sure
about
Morgan Pyne wrote:
Jerome,
No. No username (in /var/log/httpd/access.log) for the requests to
access pages served by my servlets.
This to me sounds worth investigating. If you have correctly set up authentication
on the URL of your servlet, then succesfully authenticated requests for
It works, thanks a lot for your help.
- Original Message -
From: "Mario Ivankovits" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Tuesday, June 10, 2003 9:36 AM
Subject: Re: SSL client authentication with tomcat 4.1.24
> You
did the job for me.
Mario
- Original Message -
From: "Duma Rolando" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Tuesday, June 10, 2003 9:24 AM
Subject: Re: SSL client authentication with tomcat 4.1.24
> I'm still havin
te is stored on a Gemplus smartcard connected
with a USB reader all works fine if I connect to an Apache server with
mod_ssl.
- Original Message -
From: "Bill Barker" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, June 07, 2003 5:33 AM
Subject: Re: SSL
It works!
Thank you
- Original Message -
From: "Bill Barker" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, June 07, 2003 5:33 AM
Subject: Re: SSL client authentication with tomcat 4.1.24
> I believe that the Sun 1.4 JVM ships with the cert
Can i define the error page for the basic authentication? amd if yes,
where? i have tried to define error-page for code 401, but realized that i
am using constraint on everything , thus i am guessing that error page may
be falling under the constraint as well. (not sure about that though
now.
>
> Mario
>
> - Original Message -
> From: "Duma Rolando" <[EMAIL PROTECTED]>
> To: "Tomcat Users List" <[EMAIL PROTECTED]>
> Sent: Friday, June 06, 2003 1:40 PM
> Subject: Re: SSL client authentication with tomcat 4.1.24
>
>
>
Duma,
>>the list of certificates is empty!
This means that you don't have client certificate in your client machine.
-Original Message-
From: Duma Rolando [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 05, 2003 9:31 AM
To: Tomcat Mailing List
Subject: SSL client authenticat
lando" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Friday, June 06, 2003 1:40 PM
Subject: Re: SSL client authentication with tomcat 4.1.24
> I have already imported my certificate.This is correctly showed if I
connect
> to an apache
e experience on this kind of
setup.
- Original Message -
From: "Bodycombe, Andrew" <[EMAIL PROTECTED]>
To: "'Tomcat Users List'" <[EMAIL PROTECTED]>
Sent: Friday, June 06, 2003 12:58 PM
Subject: RE: SSL client authentication with tomcat 4.1.24
&g
ort your certificate
Andy
-Original Message-
From: Duma Rolando [mailto:[EMAIL PROTECTED]
Sent: 06 June 2003 11:31
To: Tomcat Mailing List
Subject: SSL client authentication with tomcat 4.1.24
Is there anyone that have a running tomcat 4.1.24 standalone server with SSL
and clientAut
Is there anyone that have a running tomcat 4.1.24 standalone server with SSL
and clientAuth="true"?
My current config doesn't work ( i.e. Internet Explorer doesn't display my
personal certificate, Mozilla displays an error message ).I tried with only
one SSL connector on port 443 and with also an h
I'm running Tomcat 4.1.24 standalone with SSL client authentication
enabled.Internet Explorer 6.0 when I try to access the server pops up a
window that ask me which certificate will be used for client authentication,
but the list of certificates is empty!
I've tested my browser on a
require valid-user
MUCH simpler than trying to set it up in Tomcat.
Tomcat Users List <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
> I want apache to do basic authentication for my tomcat servlets.
> I only want Tomcat to manage servlets - NO authorization.
>
I want apache to do basic authentication for my tomcat servlets.
I only want Tomcat to manage servlets - NO authorization.
How do I tell apache to do basic authentication when a servlet
is accessed??? I tried protecting the servlet directory in httpd.conf.
Help
What should I put in the httpd.conf to make apache
do authentication before a servlet is accessed?
Here's what I tried:
AuthType Basic
AuthName "stuff"
AuthUserFile "C:/Program Files/Apache Group/Apache2/conf/passwd
It's that simple!...you are kidding me!
Thanks Matt...I'll try it.
-Original Message-
From: Raible, Matt [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 03, 2003 2:08 PM
To: 'Tomcat Users List'
Subject: RE: Container Managed Authentication
-Original Message-
-Original Message-
From: Vinh Tran [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 03, 2003 12:04 PM
To: [EMAIL PROTECTED]
Subject: Container Managed Authentication
All:
I am using CMA with Tomcat4/Apache1.3. I have a form-based login page
pointed at j_security_check. When a user
All:
I am using CMA with Tomcat4/Apache1.3. I have a form-based login page
pointed at j_security_check. When a user submits the form the username and
password is shown in the statusbar of the browser. Also, there is a log
entry in the Apache logs that display this same URL that with
username/passw
Jerome,
> No. No username (in /var/log/httpd/access.log) for the requests to
> access pages served by my servlets.
This to me sounds worth investigating. If you have correctly set up authentication
on the URL of your servlet, then succesfully authenticated requests for this
URL should
Morgan Pyne wrote:
Hi Jacob^B^B^B^B^BJerome,
;)
Things to verify/try
1. The webserver has successfully authenticated the request, and you can see this
username appearing in the Apache access log. You mention that CGI's and other PHP pages
authenticate correctly, but verify that the URL o
Duh, I mean Jerome! Apologies - busy day in work as usual :-)
> -Original Message-
> From: Morgan Pyne
> Sent: Monday, June 02, 2003 16:50
> To: Tomcat Users List
> Subject: RE: [Re-repost] tomcat/jk2/apache: authentication
> not taken into account for webapp
: [Re-repost] tomcat/jk2/apache: authentication not
> taken into account for webapps
>
>
> Still stuck... Need help on how to debug authentication.
>
> Morgan Pyne wrote:
>
> >Hi Jacob,
> >
> Hi Morgan,
>
> The name is Jerome :) Jacob was a guy who replie
Jason, thanks
I went to the connector virtual directory and unset the basic
authentication.
it works
Thanks for your advice
-Dan
- Original Message -
From: "Jason Bainbridge" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Sunday
On Sun, 1 Jun 2003 23:01, Dan Tran wrote:
> Hello, I have my tomcat behind IIS5 thru JK2 connector.
> My tomcat has a form base authentication form.
>
> The problem here is if my tomcat form base authentication fails, IIS pops
> up its own diaglog window for another authenticatio
Hello, I have my tomcat behind IIS5 thru JK2 connector.
My tomcat has a form base authentication form.
The problem here is if my tomcat form base authentication fails, IIS pops up its own
diaglog window for another authentication.
How do I prevent this?
Regards
-Dan
I have set up form-based authentication on my web application, but am not seeing the
expected behavior.
I enter in a valid URL for my web application (which is set to be the root), e.g.
http://myserver:8080/Index.html
When I enter this URL, I am redirected to the Login.html page specified in my
I am considering to implement a custom JDBCRealm.
It should make available a method such as
boolean authenticate(String username)
perhaps in a custom Principal class.
The method should log in (authenticate) the user and return true,
if user exists (with correct roles), false otherwise.
Can an
Still stuck... Need help on how to debug authentication.
Morgan Pyne wrote:
Hi Jacob,
Hi Morgan,
The name is Jerome :) Jacob was a guy who replied to me!
I should have mentioned in my earlier post that the
tomcatAuthentication="false" should only be part of the connector
definit
Grab the pdf for the servlet-spec that you care about (TC3.3.x := 2.2,
TC4.1.x:= 2.3, TC5.x:= 2.4) and look at how to configure the
element in your web.xml file. It offers something
close to Apache's .httpaccess.
Of course, the true masochists can set tomcatAuth="false" on the connector,
and do
project wherein we have a set of ASP pages with a
custom authentication process. I have embedded a servlet into one of
these asp pages but want to avoid making the user authenticate twice
(once for the ASP pages, once again to access the servlet).
To that end, I have been doing a lot of onlin
Hello
Let me preface by saying my knowledge and experience with seurity is
primitive.
I am now working on a project wherein we have a set of ASP pages with a
custom authentication process. I have embedded a servlet into one of
these asp pages but want to avoid making the user authenticate twice
Hi Everybody,
Can anyone tell me how could I set up Tomcat (any version) to do the same
kind of user authenticate that you can do with Apache's .htaccess/.htpasswd?
I tried to find info about it, but the docs seem to focus on the servlet
container/JSP and not on static HTML page serving.
We have a mixed JSP / cgi-bin / perl environment. Currently we have
Apache doing authentication to get into the main web site and then from
there, we need additional authentication to get into JSP pages.
Currently there is no security for JSP pages so if someone browses to a
jsp page, it will
We have a mixed JSP / cgi-bin / perl environment. Currently we have
Apache doing authentication to get into the main web site and then from
there, we need additional authentication to get into JSP pages.
Currently there is no security for JSP pages so if someone browses to a
jsp page, it will
Hi all,
I need to customize form-based authentication in Tomcat
so that I can have access to the user's session when
they are authenticated. I know I can write a custom
Realm class, but I don't see how I can get access to
the HttpServletRequest or HttpSession associated with
the
- Original Message -
From: "Mark W. Webb" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Monday, March 31, 2003 4:54 PM
Subject: Re: mutual SSL authentication
> Is there a way that I can have apache handle all of the SSL? This
helps,
Janne
- Original Message -
From: "Mark W. Webb" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, March 28, 2003 11:04 PM
Subject: mutual SSL authentication
How can I set up SSL on tomcat 4.1 that will allow the server and client
to authenticate each other
validates the client certs against the CA keystore in
$JAVA_HOME/jre/lib/security/cacerts.
Hope this helps,
Janne
- Original Message -
From: "Mark W. Webb" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, March 28, 2003 11:04 PM
Subject: mutual SSL authentication
How can I set up SSL on tomcat 4.1 that will allow the server and client
to authenticate each other? from what I can tell, it looks like the
SSL-HOWTO only addresses server authentication. I have this set up on
apache, would I be better off just running tomcat on top of apache?
thanks
Here is some information I have put together on what I consider the best
practices for Tomcat Form Based Authentication. I look forward to your
comments and suggestions.
John
Best Practices for Tomcat v4.1 Form Based Authentication
John Swapceinski
Ordinate Corp.
[EMAIL PROTECTED
801 - 900 of 1842 matches
Mail list logo
