Thanks for the response,

Will it be developed in the next releases of Tomcat 7? Or won't it, because
there is no such need and such issues should be handled some other way?
If some other way is recommended, then how should such functionality be
handled?

Regards
Jakub


On Fri, Aug 23, 2013 at 1:09 PM, Mark Thomas <ma...@apache.org> wrote:

> On 23/08/2013 11:02, Ja kub wrote:
> > Hello
> >
> > I use https with client cert authentication
> >
> > <Connector protocol="...Http11NioProtocol"  SSLEnabled="true"
> >     scheme="https" secure="true" clientAuth="true" sslProtocol="TLS"
> >     keystoreFile="...jks" key..Pass="..." keystoreType="JKS"
> >     truststoreFile="...jks" trust..Pass=".."
> >  />
> >
> > AccessLogValve cannot be placed in service, only in engine (host,
> > context), but if a client has a bad/untrusted cert or no cert at all,
> > possibly the connector doesn't pass him to the engine and to the
> > AccessLogValve.
> >
> > How can I log such access attempts with tomcat ?
>
> Out of the box there is no way to do this.
>
> There are a couple of ways you might do this with some custom code.
>
> You could implement a custom trust manager that logged failures although
> even then, the trust manager doesn't have access to the connection so
> you can't log IP address and the like.
>
> You could also modify the Tomcat connector code. All the endpoints
> trigger the handshake and then immediately disconnect if the handshake
> fails. It should be possible to log those failures although getting
> those entries into the access log would be a little trickier but not too
> bad looking at the source.
>
> Mark
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
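The first approach Mark describes, a trust manager that logs the certificates it rejects, as an added example in Java (not code from this thread or from Tomcat itself). It assumes the connector's trustManagerClassName attribute loads a class with a no-arg constructor, and the system property names example.truststore and example.truststorePass are invented for the example.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.logging.Logger;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Wraps the JRE's PKIX trust manager and logs every client certificate it rejects.
public class LoggingTrustManager implements X509TrustManager {
    private static final Logger LOG = Logger.getLogger(LoggingTrustManager.class.getName());
    private final X509TrustManager delegate;

    // No-arg constructor (assumed requirement of trustManagerClassName). The property
    // names example.truststore / example.truststorePass are invented for this example.
    public LoggingTrustManager() throws Exception {
        KeyStore ts = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(System.getProperty("example.truststore"))) {
            ts.load(in, System.getProperty("example.truststorePass", "").toCharArray());
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        X509TrustManager found = null;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) { found = (X509TrustManager) tm; break; }
        }
        if (found == null) throw new IllegalStateException("no X509TrustManager for truststore");
        delegate = found;
    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        try {
            delegate.checkClientTrusted(chain, authType);
        } catch (CertificateException e) {
            // A client that presents no certificate at all never reaches this method; JSSE
            // aborts that handshake earlier, so only bad/untrusted certificates are logged here.
            String who = (chain != null && chain.length > 0)
                ? "subject=" + chain[0].getSubjectX500Principal() + " issuer=" + chain[0].getIssuerX500Principal()
                  + " serial=" + chain[0].getSerialNumber().toString(16)
                : "subject=<none>";
            LOG.warning("client certificate rejected: " + who + " reason=" + e.getMessage());
            throw e; // always re-throw: logging must never turn a rejection into an acceptance
        }
    }

    @Override public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { delegate.checkServerTrusted(chain, authType); }
    @Override public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }
}
```

The class is wired in through the connector's trustManagerClassName attribute (assumed here) instead of truststoreFile. As Mark notes, the trust manager sees only the certificate chain, so the peer's IP address is not available at this point.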
