With Tomcat 4.1.18 there is an (undocumented??) attribute in the request,
which holds the certificate trust chain as an X509Certificate[].

request.getAttribute("javax.servlet.request.X509Certificate")

I have seen exceptions under Tomcat 4.1.12 (some SSL HANDSHAKE problem)
in the log, which explain why there was no such attribute in the request.

- Josef




----- Original Message -----
From: "Bodycombe, Andrew" <[EMAIL PROTECTED]>
To: "'Tomcat Users List'" <[EMAIL PROTECTED]>
Sent: Friday, March 14, 2003 12:19 PM
Subject: RE: Do you run Tomcat with SSL?


You can write a class that implements the X509TrustManager interface.
Then initialize your SSLContext with this TrustManager.
Get a SocketFactory for your SSLContext.
Finally, set this as the default SocketFactory for all HttpsURLConnections.

The code in your checkClientTrusted method will execute every time someone
tries to make a connection via HTTPS. This method takes an array of
X509Certificates as a parameter (the whole certificate chain, not just the
supplied client certificate).

HTH
Andy

-----Original Message-----
From: Josef Templ [mailto:[EMAIL PROTECTED]
Sent: 14 March 2003 11:10
To: Tomcat Users List
Subject: Re: Do you run Tomcat with SSL?


I can confirm that it works. I am using Tomcat 4.1.12.

The only point I have not solved so far is how to get
access to the client certificate in my servlet or JSP.

I would like to do programmatic security, i.e. store
users in a database and verify the authenticated user
in a JSP or servlet.

Does anybody know if this is possible at all?

- Josef Templ



----- Original Message -----
From: "Gabriel Santonja" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Friday, March 14, 2003 11:56 AM
Subject: Re: Do you run Tomcat with SSL?


> On Thu, 13 Mar 2003 19:51:57 -0800 (PST)
> Mark Liu <[EMAIL PROTECTED]> wrote:
>
> > I know you guys have your great strategies in
> > balancing Apache and Tomcat.
> >
> > But, my project isn't really so picky about
> > efficiency, so I simply run Tomcat with SSL all the
> > time.  It simplifies my project a little bit.
> >
> > But then I do need to be able to run Tomcat SSL with
> > the certificate generated by my little Java program.
>
> Why don't you use the SSL HOWTO in Tomcat? I'm not sure about Windows, but
> on Linux it works fine with SSL on port 8443.
>
> Actually, my own problem is to use SSL only on the realm login page, but it's
> visibly difficult.
> Goodbye.


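Reading the request attribute named at the top of this thread from a servlet and mapping the client certificate to an application user, as an added example that is not part of the original thread. It assumes the javax.servlet API and Java 9 or later; the class name, the in-memory user map and the subject DN are constructed for illustration.

```java
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Map;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet: maps the TLS client certificate to an application user.
public class ClientCertServlet extends HttpServlet {

    // Constructed stand-in for the user database, keyed by subject DN (RFC 2253 form).
    private static final Map<String, String> USERS_BY_SUBJECT =
            Map.of("CN=Example User,O=Example Org,C=AT", "example-user");

    /** Returns the client's own certificate, or null if none was presented. */
    static X509Certificate clientCertificate(HttpServletRequest request) {
        Object attr = request.getAttribute("javax.servlet.request.X509Certificate");
        if (!(attr instanceof X509Certificate[])) {
            return null; // plain HTTP, or no client certificate reached the container
        }
        X509Certificate[] chain = (X509Certificate[]) attr;
        // The chain is ordered with the client's own certificate first.
        return chain.length > 0 ? chain[0] : null;
    }

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        X509Certificate cert = clientCertificate(request);
        if (cert == null) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "client certificate required");
            return;
        }
        try {
            cert.checkValidity(); // rejects expired or not-yet-valid certificates
        } catch (CertificateException e) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "client certificate not valid");
            return;
        }
        String subject = cert.getSubjectX500Principal().getName(); // RFC 2253 string
        String user = USERS_BY_SUBJECT.get(subject);
        if (user == null) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "unknown certificate subject");
            return;
        }
        response.getWriter().println("authenticated as " + user);
    }
}
```

Matching on the subject DN alone is only as strong as the set of CAs the connector's trust store accepts, so that trust store should contain only the CA that issues the users' certificates.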