Hi,
I am developing an application where I managed to use client
authentication requiring a certificate installed in the browser. I have
noticed, however, that when a certificate is expired or there is no
certificate at all, Tomcat doesn't allow the user to use the
application. This is right after all, but I find it too restrictive
in its behaviour, since I can't even load static pages. I would like to
be able to decide what to do when a certificate is expired or there is
no certificate: possibly, in the former case, to display a message to
renew the certificate, and in the latter to display another message that
the application can only be accessed with a valid certificate.
Instead, Tomcat logs an exception like this:
25-lug-2005 9.59.32 org.apache.tomcat.util.net.jsse.JSSE14Support synchronousHandshake
INFO: SSL Error getting client Certs
javax.net.ssl.SSLHandshakeException: null cert chain
    at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
    at java.io.InputStream.read(InputStream.java:89)
    at org.apache.tomcat.util.net.jsse.JSSE14Support.synchronousHandshake(JSSE14Support.java:88)
    at org.apache.tomcat.util.net.jsse.JSSE14Support.handShake(JSSE14Support.java:67)
    at org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:120)
    at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:1049)
    at org.apache.coyote.Request.action(Request.java:365)
    at org.apache.coyote.tomcat4.CoyoteRequest.getAttribute(CoyoteRequest.java:768)
    at org.apache.coyote.tomcat4.CoyoteRequestFacade.getAttribute(CoyoteRequestFacade.java:89)
    at org.apache.catalina.authenticator.SSLAuthenticator.authenticate(SSLAuthenticator.java:134)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:479)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:594)
    at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:199)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:594)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:433)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:948)
    at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2358)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:133)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:596)
    at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:118)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:594)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:116)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:594)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:534)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:594)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:433)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:948)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:127)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:596)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:433)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:948)
    at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:152)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
    at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
    at java.lang.Thread.run(Thread.java:534)
...
Does anybody know what I could do to achieve my purpose? Any help
appreciated, thank you very much.
Fabrizio