I am trying to secure a single url_pattern but get errors when I try to use 
CLIENT_CERT.  I have a new installation of Tomcat 5.53 with no changes to 
the configuration except uncommenting the SSL connector in server.xml.

Here's what works:

- An SSL connector is installed on port 443 and I get the proper certificate 
back when I connect via https to the server

- If I change the connector to clientAuth="true" I am prompted for a client 
cert when I connect to any page on the server using https.

- I have set the transport-guarantee to CONFIDENTIAL for the url I am trying 
to constrain and connections to that page always switch to https.

What does not work is if I change the <auth-method> to CLIENT_CERT from 
BASIC.  I get an error message (shown below).  Does anyone have any examples 
of a web.xml that does work with CLIENT_CERT or have an idea what the 
problem could be?

I have included my (very simple) web.xml below as well as the error message 
I receive.

web.xml
----------

<!DOCTYPE web-app
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>

 <!-- General description of web application -->
 <display-name>ROOT</display-name>
 <description>Web Site</description>

 <!-- Url Security Constraints-->
 <security-constraint>
  <web-resource-collection>
   <url-pattern>/test.htm</url-pattern>
   <http-method>GET</http-method>
   <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
   <role-name>*</role-name>
  </auth-constraint>
  <user-data-constraint>
   <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
 </security-constraint>

 <!-- Login Configuration -->
 <login-config>
  <auth-method>CLIENT_CERT</auth-method>
 </login-config>

</web-app>


stdout errors
----------------
Oct 30, 2004 6:26:43 PM org.apache.catalina.startup.HostConfig deployWAR
INFO: Deploying web application archive ROOT.war
Oct 30, 2004 6:26:43 PM org.apache.catalina.startup.ContextConfig authenticatorConfig
SEVERE: Cannot configure an authenticator for method CLIENT_CERT
Oct 30, 2004 6:26:43 PM org.apache.catalina.startup.ContextConfig start
SEVERE: Marking this application unavailable due to previous error(s)



