Could you send us a sample of that "web.xml" file? I am also using client certificates over SSL with Tomcat, but as I could not find much information about it in Tomcat I configured it with Apache.
Idoia "Mark Thomas" <[EMAIL PROTECTED] Para: "'Tomcat Users List'" <[EMAIL PROTECTED]> > cc: Asunto: RE: tomcat certificate 17/03/04 21:22 Por favor, responda a "Tomcat Users List" This is not correct. Tomcat does support CLIENT-CERT authentication 'out-of-the-box'. When combined with appropriate authorisation constraints in web.xml you can limit access to specific URLs. I have this working quite happily. Mark > -----Original Message----- > From: Rommel Sharma [mailto:[EMAIL PROTECTED] > Sent: Monday, February 23, 2004 11:28 AM > To: Tomcat Users List > Subject: Re: tomcat certificate > > Tomcat as such on its own does not parse and validate a certificate. > I don't think its possible. You can identify a client through the > certificate alias the client uses. > Access to specific URLs depends on the server certificate > where you specify > the URL and send the client your public key. > I think there is no automatic mechanism in Tomcat that studies the > certificate and allows access to specific URLs. This needs to > be implemented > by any our deployed programs. > > ----- Original Message ----- > From: "secam secam" <[EMAIL PROTECTED]> > To: "Tomcat Users List" <[EMAIL PROTECTED]> > Sent: Monday, February 23, 2004 4:17 PM > Subject: Re: tomcat certificate > > > Thanks, > > > > Here is my real problem, > > > > I've got an external server that authentificate user and deliver a > certicate with the trio User/Group/Role. > > > > In fact, i just want that the certificate give information > of the user to > tomcat in order to permit the access to some specifics url. > > > > Is it possible? > > > > Regard's > > > > Secam > > > > Rommel Sharma <[EMAIL PROTECTED]> wrote: > > If you mean two way authentication using SSL, then you have > to write the > > code that reads clients certificate and matches it with one > present in > > client keystore on the server. You enable client authentication in > > server.xml for this and specify the serverkeystore and > password in it. > > Regards, > > Rommel Sharma. > > > > ----- Original Message ----- > > From: "secam secam" > > To: > > Sent: Monday, February 23, 2004 3:30 PM > > Subject: tomcat certificate > > > > > hello, > > > > > > I'm a new user of tomcat. > > > Can tomcat authenticate a user with a certifcate ? > > > > > > Thanks, > > > Secam > > > > > > > > > --------------------------------- > > > Yahoo! Mail : votre e-mail personnel et gratuit qui vous > suit partout ! > > > Créez votre Yahoo! Mail > > > > ********************************************************* > > Disclaimer > > > > This message (including any attachments) contains > > confidential information intended for a specific > > individual and purpose, and is protected by law. > > If you are not the intended recipient, you should > > delete this message and are hereby notified that > > any disclosure, copying, or distribution of this > > message, or the taking of any action based on it, > > is strictly prohibited. > > > > ********************************************************* > > Visit us at http://www.mahindrabt.com > > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------- > > Yahoo! Mail : votre e-mail personnel et gratuit qui vous > suit partout ! > > Créez votre Yahoo! Mail > > ********************************************************* > Disclaimer > > This message (including any attachments) contains > confidential information intended for a specific > individual and purpose, and is protected by law. > If you are not the intended recipient, you should > delete this message and are hereby notified that > any disclosure, copying, or distribution of this > message, or the taking of any action based on it, > is strictly prohibited. > > ********************************************************* > Visit us at http://www.mahindrabt.com > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Idoia Murua Belacortu Dpto. de Sistemas de Información y Telecomunicaciones Information Systems & Telecommunications Dept. ROBOTIKER, Corporación Tecnológica TECNALIA. Parque Tecnológico, Edificio 202. E-48170 Zamudio (Bizkaia) (SPAIN). Tel: (34) 94 600 22 66. Fax: (34) 94 600 22 99 [EMAIL PROTECTED], www.robotiker.com "Este correo electrónico contiene información privada que puede estar legalmente protegida, parcial o totalmente. Es sólo para uso del destinatario al que está dirigido. Si ha recibido este mensaje por error, le rogamos que lo notifique al remitente del email y que además borre de su sistema el mensaje así como todas sus copias, incluyendo las posibles copias del mismo en su disco duro, y se abstenga de usar, revelar, distribuir a terceros, imprimir o copiar ninguna de las partes de este mensaje". "Mezu elektroniko honek informazio pribatua du, partzialki edo osorik legez babestuta egon daitekeena. Bidali nahi zaion hartzaileak erabiltzeko bakarrik da. Mezu hau hutsegite baten ondorioz jaso baduzu, mesedez, mezuaren igorleari jakinaraztea eta mezua eta horren kopia guztiak ezabatzea eskatzen dizugu, disko gogorrean izan ditzakezunak barne. Eta, orobat, ez erabili mezu honen zatirik, ez eta erakutsi, beste pertsona batzuei banatu, inprimatu edo berridatzi ere". "This e-mail contains proprietary information some or all of which may be legally protected. It is for sole use of the intended recipient only. If you have received this message by mistake, you are requested to notify the e-mail sender and erase both the message and any copies from your system, including hard disk copies. You are further requested to refrain from using, distributing to third parties, printing or making copies of any parts of this message". --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]