Could you send us a sample of that "web.xml" file?
I am also using client certificates over SSL with Tomcat, but as I could
not find much information about it in Tomcat I configured it with Apache.

Idoia


"Mark Thomas" <[EMAIL PROTECTED]>
17/03/04 21:22
Please reply to "Tomcat Users List"

To: "'Tomcat Users List'" <[EMAIL PROTECTED]>
cc:
Subject: RE: tomcat certificate



This is not correct. Tomcat does support CLIENT-CERT authentication
'out-of-the-box'. When combined with appropriate authorisation constraints
in web.xml you can limit access to specific URLs.

I have this working quite happily.

Mark

> -----Original Message-----
> From: Rommel Sharma [mailto:[EMAIL PROTECTED]
> Sent: Monday, February 23, 2004 11:28 AM
> To: Tomcat Users List
> Subject: Re: tomcat certificate
>
> Tomcat as such on its own does not parse and validate a certificate.
> I don't think it's possible. You can identify a client through the
> certificate alias the client uses.
> Access to specific URLs depends on the server certificate where you
> specify the URL and send the client your public key.
> I think there is no automatic mechanism in Tomcat that studies the
> certificate and allows access to specific URLs. This needs to be
> implemented by any of our deployed programs.
>
> ----- Original Message -----
> From: "secam secam" <[EMAIL PROTECTED]>
> To: "Tomcat Users List" <[EMAIL PROTECTED]>
> Sent: Monday, February 23, 2004 4:17 PM
> Subject: Re: tomcat certificate
>
> > Thanks,
> >
> > Here is my real problem,
> >
> > I've got an external server that authenticates users and delivers a
> > certificate with the trio User/Group/Role.
> >
> > In fact, I just want the certificate to give information about the
> > user to Tomcat in order to permit access to some specific URLs.
> >
> > Is it possible?
> >
> > Regards,
> >
> > Secam
> >
> > Rommel Sharma <[EMAIL PROTECTED]> wrote:
> > If you mean two-way authentication using SSL, then you have to write
> > the code that reads the client's certificate and matches it with one
> > present in the client keystore on the server. You enable client
> > authentication in server.xml for this and specify the serverkeystore
> > and password in it.
> > Regards,
> > Rommel Sharma.
> >
> > ----- Original Message -----
> > From: "secam secam"
> > To:
> > Sent: Monday, February 23, 2004 3:30 PM
> > Subject: tomcat certificate
> >
> > > hello,
> > >
> > > I'm a new user of tomcat.
> > > Can Tomcat authenticate a user with a certificate?
> > >
> > > Thanks,
> > > Secam



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Idoia Murua Belacortu
Dpto. de Sistemas de Información y Telecomunicaciones
Information Systems & Telecommunications Dept.
ROBOTIKER, Corporación Tecnológica TECNALIA.
Parque Tecnológico, Edificio 202. E-48170 Zamudio (Bizkaia) (SPAIN).
Tel:  (34) 94 600 22 66. Fax: (34) 94 600 22 99
[EMAIL PROTECTED], www.robotiker.com
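
A sample of the kind of web.xml discussed in this thread, added here as an illustration (it is not a file posted by any participant): CLIENT-CERT login combined with an authorisation constraint on one URL prefix. The `/secure/*` pattern and the `cert-user` role are hypothetical; the role has to be granted by the configured Realm, where Tomcat's stock realms look the user up by the certificate's subject DN.

```xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<!-- Added example: WEB-INF/web.xml for certificate-based access control.
     The URL pattern and role name are hypothetical. -->
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
                             http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
         version="2.4">

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Certificate-protected area</web-resource-name>
      <url-pattern>/secure/*</url-pattern>
      <!-- No http-method elements, so the constraint covers every HTTP
           method. Listing only GET/POST would leave the others open. -->
    </web-resource-collection>

    <!-- Only users the Realm maps to this role may reach /secure/* -->
    <auth-constraint>
      <role-name>cert-user</role-name>
    </auth-constraint>

    <!-- Force HTTPS: plain-HTTP requests are redirected to the SSL port -->
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- Authenticate with the X.509 certificate presented in the SSL
       handshake instead of a username/password form -->
  <login-config>
    <auth-method>CLIENT-CERT</auth-method>
  </login-config>

  <!-- Every role used in an auth-constraint must be declared -->
  <security-role>
    <role-name>cert-user</role-name>
  </security-role>

</web-app>
```

URLs outside `/secure/*` stay unauthenticated with this file, and the HTTPS connector in server.xml still has to trust the CA that issued the client certificates.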