According to this link http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html

possible values are "true", "want", and (I presume) "false".

I use client authentication in (non-embedded) Tomcat, and "true" does indeed require client authentication.

-Jim

Sander Smith wrote:
Doug,

Thanks for your help but this isn't what I need. Yes, I want the client to present a certificate for validation during the SSL handshake, but your solution is not available to me. You suggest putting something in a config file, but I'm running Tomcat embedded, so all of the configuration is happening programmatically.

I have an org.apache.coyote.tomcat5.CoyoteConnector and I call setKeystoreFile(...), setKeyAlias(...), etc. to set up the server side SSL, and this is working great. When I want to request a client certificate I would expect to call setClientAuth(...) to do this. However, I'd expect to pass a boolean into this method, but instead, the interface requires a String!!! To make matters worse, there's no documentation to say what this string is.

Does anyone know how to do this programmatically??

Sander Smith

At 08:20 AM 6/1/2004 -0400, you wrote:

Sander,

If what you want is to have the client present a certificate for validation,
then in your connector have something like


clientAuth="true"

See
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html

If you are looking for something different let us know.

Doug
www.parsonstechnical.com



----- Original Message -----
From: "Sander Smith" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, June 01, 2004 6:29 AM
Subject: SSL Client Authorization


> I'm writing an application with SSL that's been working fine, and would
> like to enable client authorization. It seemed like the thing to do was go
> to my connector (org.apache.coyote.tomcat5.CoyoteConnector) and enable it
> there. Lo and behold there is a method (setClientAuth) that seems to do
> what I want, but for some strange reason it takes a string as an argument
> instead of a boolean. What am I missing here?? How do I enable this?
>
> Sander Smith
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
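The `clientAuth` values from this thread, expressed as the standard JSSE server-socket flags. This is an added example, not part of the original messages and not Tomcat's own code. The helper `applyClientAuth` is hypothetical, and the meanings of "true", "want" and "false" are assumed to be those given in the SSL HOWTO linked in the thread.

```java
import java.io.IOException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;

public class ClientAuthModes {

    // Hypothetical helper (not a Tomcat API): applies a clientAuth string to a
    // JSSE server socket, following the meanings described in the SSL HOWTO.
    static void applyClientAuth(SSLServerSocket socket, String clientAuth) {
        if ("true".equalsIgnoreCase(clientAuth)) {
            // Required: the handshake fails unless the client presents a
            // certificate that the server's trust store accepts.
            socket.setNeedClientAuth(true);
        } else if ("want".equalsIgnoreCase(clientAuth)) {
            // Requested: the handshake still succeeds without a certificate,
            // so the application has to check for one itself.
            socket.setWantClientAuth(true);
        } else if ("false".equalsIgnoreCase(clientAuth)) {
            // Not requested during the handshake. In JSSE each setter
            // overrides the other, so this clears "want" as well.
            socket.setNeedClientAuth(false);
        } else {
            // Reject unknown strings instead of silently disabling the check.
            throw new IllegalArgumentException(
                    "unknown clientAuth value: " + clientAuth);
        }
    }

    public static void main(String[] args) throws IOException {
        SSLServerSocketFactory factory =
                (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        for (String mode : new String[] {"true", "want", "false"}) {
            // Port 0 picks any free local port; no handshake is performed,
            // so no keystore is needed to inspect the resulting flags.
            try (SSLServerSocket socket =
                    (SSLServerSocket) factory.createServerSocket(0)) {
                applyClientAuth(socket, mode);
                System.out.printf("clientAuth=%-5s need=%-5b want=%b%n",
                        mode, socket.getNeedClientAuth(),
                        socket.getWantClientAuth());
            }
        }
    }
}
```

With "want", a connection that presents no certificate is still accepted, so code behind the connector must confirm a peer certificate is present before treating the caller as authenticated.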



