OK. Light dawns. Can you try using the memory realm? My realm definition looks like: <Realm className="org.apache.catalina.realm.MemoryRealm" />
Looking again at the exception it looks like a JMX issue with the UserDatabaseRealm MBean and user names containing '='. I'll have a look at the code.

Mark

> -----Original Message-----
> From: Idoia Murua Belacortu [mailto:[EMAIL PROTECTED]
> Sent: Thursday, March 25, 2004 9:01 AM
> To: Tomcat Users List
> Subject: RE: tomcat certificate
>
>
> My server.xml file has:
> <Connector port="8443"
>     maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>     enableLookups="false" disableUploadTimeout="true"
>     acceptCount="100" debug="0" scheme="https" secure="true"
>     clientAuth="true" sslProtocol="TLS"
>     keystoreFile="/home/tomcat/jakarta-tomcat-5.0.19/conf/ssl/server/server.ks" />
>
>
> The tomcat-users.xml file has:
> <role rolename="certs"/>
> <user username="[EMAIL PROTECTED], CN=Idoia, OU=INFOTECH, O=ROBOTIKER, L=ZAMUDIO, ST=BIZKAIA, C=ES"
>     password="null" roles="certs"/>
>
>
> The web.xml file of the application is:
>
> <?xml version="1.0" encoding="windows-1252"?>
> <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
>     "http://java.sun.com/dtd/web-app_2_3.dtd">
> <web-app>
>   <description>Empty web.xml file for Web Application</description>
>   <session-config>
>     <session-timeout>35</session-timeout>
>   </session-config>
>   <mime-mapping>
>     <extension>html</extension>
>     <mime-type>text/html</mime-type>
>   </mime-mapping>
>   <mime-mapping>
>     <extension>txt</extension>
>     <mime-type>text/plain</mime-type>
>   </mime-mapping>
>   <welcome-file-list>
>     <welcome-file>index.jsp</welcome-file>
>     <welcome-file>index.html</welcome-file>
>   </welcome-file-list>
>   <resource-ref>
>     <description>Saturn database</description>
>     <res-ref-name>jdbc/saturn</res-ref-name>
>     <res-type>javax.sql.DataSource</res-type>
>     <res-auth>SERVLET</res-auth>
>   </resource-ref>
>   <security-constraint>
>     <web-resource-collection>
>       <web-resource-name>Protected Area</web-resource-name>
>       <url-pattern>/pim.htm</url-pattern>
>     </web-resource-collection>
>     <auth-constraint>
>       <role-name>certs</role-name>
>     </auth-constraint>
>     <user-data-constraint>
>       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>     </user-data-constraint>
>   </security-constraint>
>
>   <login-config>
>     <auth-method>CLIENT-CERT</auth-method>
>   </login-config>
>
>   <security-role>
>     <role-name>certs</role-name>
>   </security-role>
>
> </web-app>
>
>
> When I startup Tomcat I get the following message in "catalina.out" log
> file:
>
> 24-mar-2004 17:37:55 org.apache.catalina.mbeans.GlobalResourcesLifecycleListener createMBeans
> GRAVE: Exception creating UserDatabase MBeans for UserDatabase
> javax.management.MalformedObjectNameException: Invalid character '=' in value part of property
>     at javax.management.ObjectName.construct(ObjectName.java:563)
>     at javax.management.ObjectName.<init>(ObjectName.java:1300)
>     at org.apache.catalina.mbeans.MBeanUtils.createObjectName(MBeanUtils.java:1520)
>     at org.apache.catalina.mbeans.MBeanUtils.createMBean(MBeanUtils.java:783)
>     at org.apache.catalina.mbeans.GlobalResourcesLifecycleListener.createMBeans(GlobalResourcesLifecycleListener.java:280)
>     at org.apache.catalina.mbeans.GlobalResourcesLifecycleListener.createMBeans(GlobalResourcesLifecycleListener.java:210)
>     at org.apache.catalina.mbeans.GlobalResourcesLifecycleListener.createMBeans(GlobalResourcesLifecycleListener.java:172)
>     at org.apache.catalina.mbeans.GlobalResourcesLifecycleListener.lifecycleEvent(GlobalResourcesLifecycleListener.java:144)
>     at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:166)
>     at org.apache.catalina.core.StandardServer.start(StandardServer.java:2338)
>     at org.apache.catalina.startup.Catalina.start(Catalina.java:594)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>     at java.lang.reflect.Method.invoke(Method.java:324)
>     at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:297)
>     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:398)
>
> And when I access the "/pim.htm" page via SSL and port 8443 it gives me a
> Tomcat error in the navigator (HTTP 401). It is in Spanish, but in English
> it would be something like:
> HTTP 401 Status - Impossible to authenticate with provided credentials
> type: status report
> message: Impossible to authenticate with provided credentials
> description: This requirement requires HTTP authentication (Impossible to
> authenticate with provided credentials)
>
> The client certificate is signed by a CA recognised by Tomcat, because when
> I access other pages via SSL and port 8443, Tomcat gives no error and
> accepts the client certificate.
>
>
> Regards,
> Idoia

<trim>

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
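
The JMX failure discussed in this thread, as an added example (not part of the original messages and not Tomcat's own code): an unquoted ObjectName property value may not contain '=' or ',', so a certificate DN used as a user name is rejected unless it is quoted with ObjectName.quote(). The DN below is a constructed sample built from the attributes shown in the tomcat-users.xml entry (the elided e-mail part is left out), and the "Users:type=User,...,database=UserDatabase" name layout is an assumption for illustration.

```java
import javax.management.MalformedObjectNameException;
import javax.management.ObjectName;

public class DnObjectNameDemo {
    // Constructed sample DN (attributes as in the tomcat-users.xml entry,
    // without the elided e-mail component).
    static final String DN =
        "CN=Idoia, OU=INFOTECH, O=ROBOTIKER, L=ZAMUDIO, ST=BIZKAIA, C=ES";

    // Assumed name layout, for illustration only: the user name is pasted
    // into the property list as-is.
    static String rawName(String user) {
        return "Users:type=User,username=" + user + ",database=UserDatabase";
    }

    // Same layout, but the value is quoted so that '=', ',' and ':' are legal.
    static String quotedName(String user) {
        return "Users:type=User,username=" + ObjectName.quote(user)
             + ",database=UserDatabase";
    }

    public static void main(String[] args) throws Exception {
        // Unquoted: the parser reads "username=CN" and then hits a second '='
        // inside what it takes to be the value part.
        try {
            new ObjectName(rawName(DN));
            System.out.println("raw name accepted");
        } catch (MalformedObjectNameException e) {
            System.out.println("raw name rejected: " + e.getMessage());
        }

        // Quoted: the whole DN is a single property value.
        ObjectName ok = new ObjectName(quotedName(DN));
        System.out.println("quoted name accepted: " + ok);

        // The stored value keeps its quotes; unquote() restores the DN that
        // a realm would compare against the certificate subject.
        String stored = ok.getKeyProperty("username");
        System.out.println("round trip matches DN: "
            + DN.equals(ObjectName.unquote(stored)));
    }
}
```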
