The resource you are looking for is the relevant servlet specification. See http://java.sun.com/products/servlet/reference/api/index.html
The spec is *required* reading for anyone developing with servlets.
Be aware that INTEGRAL does not require the data to be encrypted, only that the integrity of the content is maintained.
Mark
[EMAIL PROTECTED] wrote:
Hey it works! Thank you for enlightening me. But I would like to know why it works. If you can point me to some resources to explain this.
I think in order for the client server to communicate over SSL the crucial setting is <transport-guarantee>INTEGRAL</transport-guarantee>. NONE will mean no SSL. <auth-method> is just to specify how we want to authenticate the client, right?
Actually what I want to achieve is just for the client and server to communicate over SSL for the login screen. No need for the client to prove that he is who he is.
Am I right about the issue?
Thanks again, you have been a great help :)
--- Mark Thomas <[EMAIL PROTECTED]> wrote:
If you don't want the clients to have to provide a client certificate, don't specify CLIENT-CERT in your web.xml
Mark
[EMAIL PROTECTED] wrote:
I tried setting it to true and it still does not work.
--- Mark Thomas <[EMAIL PROTECTED]> wrote:
From the Tomcat documentation:
<quote>
clientAuth
Set to true if you want the SSL stack to require a valid certificate chain from the client before accepting a connection.
A false value (which is the default) will not require a certificate chain unless the client requests a resource protected by a security constraint that uses CLIENT-CERT authentication.
</quote>
[EMAIL PROTECTED] wrote:
By right the client should not be asked to present a cert because my server.xml setting is set to clientAuth="false"
--- Mark Thomas <[EMAIL PROTECTED]> wrote:
The problem appears to be that no client certificate is presented by your client. Do you get prompted by your browser to specify a client certificate?
Browsers may be configured not to prompt for a certificate in any or all of the following cases:
- No client certs have been imported into the browser
- No compatible client certs have been imported into the browser
- Only one suitable cert was found so it was returned (unlikely in your case)
Check your browser/cert configuration.
Mark
[EMAIL PROTECTED] wrote:
web.xml:
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://localhost/dtd/web-app_2_3.dtd">
<web-app>
  <context-param>
    <param-name>driverClassName</param-name>
    <param-value>com.mysql.jdbc.Driver</param-value>
  </context-param>
  <context-param>
    <param-name>dbUsername</param-name>
    <param-value>root</param-value>
  </context-param>
  <context-param>
    <param-name>dbPassword</param-name>
    <param-value>sql4dm1n2003</param-value>
  </context-param>
  <listener>
    <listener-class>MyListener</listener-class>
  </listener>
  <servlet>
    <servlet-name>ErrorServlet</servlet-name>
    <servlet-class>chapter04.ErrorServlet</servlet-class>
  </servlet>
  <servlet>
    <servlet-name>LoginServlet</servlet-name>
    <servlet-class>chapter04.LoginServlet</servlet-class>
    <init-param>
      <param-name>dburl</param-name>
      <param-value>jdbc:mysql://localhost/test</param-value>
    </init-param>
  </servlet>
  <servlet-mapping>
    <servlet-name>LoginServlet</servlet-name>
    <url-pattern>/login</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>ErrorServlet</servlet-name>
    <url-pattern>/error</url-pattern>
  </servlet-mapping>
  <welcome-file-list>
    <welcome-file>/login.html</welcome-file>
  </welcome-file-list>
  <error-page>
    <error-code>403</error-code>
    <location>/login.html</location>
  </error-page>
  <!--
  <error-page>
    <exception-type>java.sql.SQLException</exception-type>
    <location>/error</location>
  </error-page>
  -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>login servlet</web-resource-name>
      <url-pattern>/login</url-pattern>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>manager</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>INTEGRAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config>
    <auth-method>CLIENT-CERT</auth-method>
    <realm-name>sales</realm-name>
    <!--
    <form-login-config>
      <form-login-page>/auth.html</form-login-page>
      <form-error-page>/error.html</form-error-page>
    </form-login-config>
    -->
  </login-config>
  <security-role>
    <role-name>manager</role-name>
  </security-role>
</web-app>
=== message truncated ===
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
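The configuration the thread converges on, as an added example that is not part of the original messages: a Servlet 2.3 web.xml fragment that forces the login URLs onto SSL without asking the browser for a certificate. The resource name, the inclusion of /login.html, and the choice of CONFIDENTIAL over INTEGRAL are assumptions made for this illustration.

```xml
<!-- Added example: fragment that goes inside <web-app> of a Servlet 2.3 web.xml. -->

<!-- Before, as posted in the thread: CLIENT-CERT makes the container ask the
     browser for a certificate on /login, even with clientAuth="false". -->
<!--
<login-config>
  <auth-method>CLIENT-CERT</auth-method>
  <realm-name>sales</realm-name>
</login-config>
-->

<!-- After: transport protection only, no container authentication. -->
<security-constraint>
  <web-resource-collection>
    <!-- Assumed name, used only for illustration. -->
    <web-resource-name>login over SSL</web-resource-name>
    <!-- Cover the form page as well as the servlet it posts to, so the
         page that collects the password is itself delivered over SSL. -->
    <url-pattern>/login.html</url-pattern>
    <url-pattern>/login</url-pattern>
    <!-- No <http-method> elements: the constraint then applies to every
         HTTP method, not only POST. -->
  </web-resource-collection>
  <!-- No <auth-constraint>: the container does not authenticate the caller.
       Any check done by the application's own login servlet is unaffected. -->
  <user-data-constraint>
    <!-- CONFIDENTIAL asks for encryption in transit. INTEGRAL only asks that
         the content cannot be altered in transit. NONE asks for nothing. -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<!-- No <login-config> or <security-role> is needed for this constraint. -->
```

In Tomcat, a plain HTTP request to a URL covered by such a constraint is redirected to the port named by the HTTP connector's redirectPort attribute in server.xml, so an SSL connector must be listening there.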
