> Date: Sun, 4 May 2014 12:42:04 +0530
> Subject: Configuration of <auth-constraint> ?
> From: [email protected]
> To: [email protected]
>
> I am using client certificates in my application. Here is the configuration
> I did
>
> Step1:-
>
> Added below snippet in tomcat-users.xml file
>
> <role rolename="certrole"/>
> <user username="ignoreAndCheckInWebApp" password="nopass"
> roles="certrole"/>
>
>
> Step 2:-
> Added below snippet in web.xml
>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>Client Certificate Auth</web-resource-name>
> <url-pattern>/MyClientAuthenticator.jsp</url-pattern>
> </web-resource-collection>
> <auth-constraint>
> <role-name>certrole</role-name>
> </auth-constraint>
> </security-constraint>
> <login-config>
> <auth-method>CLIENT-CERT</auth-method>
> </login-config>
>
> placed a jar file containing MySSlAuthentication.java into the lib folder
> of Tomcat.
>
>
> Step3:-
> Then added below valve element under tomcat\conf\context.xml
>
> <Valve className="MySSlAuthentication"/>
>
>
> So it's more or less the procedure mentioned at
> http://twoguysarguing.wordpress.com/2009/11/03/mutual-authentication-with-client-cert-tomcat-6-and-httpclient/
>
>
> My understanding is that when the browser tries to call the MyClientAuthenticator.jsp,
> the server asks the browser for the client certificate. But why do we need two
> entries
> <role rolename="certrole"/>
> <user username="ignoreAndCheckInWebApp" password="nopass"
> roles="certrole"/> under tomcat-users.xml and what is the use of the below
> entry ?
>
> <auth-constraint>
> <role-name>certrole</role-name>
> </auth-constraint>
MG> for the URL presented at /MyClientAuthenticator.jsp
> <url-pattern>/MyClientAuthenticator.jsp</url-pattern>
> </web-resource-collection>
> <auth-constraint>
MG> The role from tomcat-users.xml defined as 'certrole'
> <role-name>certrole</role-name>
> </auth-constraint>
> </security-constraint>
> <login-config>
MG> would be authenticated (based on the contents of the presented Client Cert)
> <auth-method>CLIENT-CERT</auth-method>
> </login-config>
MG> Makes sense?
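The thread turns on what an <auth-constraint> actually does for a <url-pattern>. The following script is an added example, not part of the mailing-list exchange or of Tomcat: it reads a web.xml and a tomcat-users.xml (both constructed inline from the thread's snippets, plus extra constraints for the open and deny-all cases) and reports, for every url-pattern, who may reach it under the Servlet specification rules: no <auth-constraint> means no authentication is required, an empty <auth-constraint/> means nobody can access the resource, and a listed role is required otherwise. It also flags roles required in web.xml that no <role> in tomcat-users.xml defines, since no principal could ever satisfy such a constraint. The sample URL /admin/* and roles adminrole are assumed values for illustration.

```python
"""Audit Tomcat web.xml security constraints against tomcat-users.xml.

Added example, not code from the mailing-list thread or from Tomcat.
For every <url-pattern> inside a <security-constraint> it reports:
  * no <auth-constraint>       -> "open": no authentication required
  * empty <auth-constraint/>   -> "deny-all": nobody can access the resource
  * <role-name>*</role-name>   -> "any-authenticated"
  * otherwise                  -> "role-restricted" to the listed roles
Roles required by web.xml but never declared in tomcat-users.xml are flagged.
"""
import xml.etree.ElementTree as ET

# Constructed sample: the thread's constraint plus three extra ones
# (/admin/*, /public/*, /old/* and the role 'adminrole' are assumed values).
WEB_XML = """
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Client Certificate Auth</web-resource-name>
      <url-pattern>/MyClientAuthenticator.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>certrole</role-name>
    </auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Admin</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>adminrole</role-name>
    </auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Public</web-resource-name>
      <url-pattern>/public/*</url-pattern>
    </web-resource-collection>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Disabled</web-resource-name>
      <url-pattern>/old/*</url-pattern>
    </web-resource-collection>
    <auth-constraint/>
  </security-constraint>
  <login-config>
    <auth-method>CLIENT-CERT</auth-method>
  </login-config>
</web-app>
"""

# Constructed sample: the thread's tomcat-users.xml entries.
TOMCAT_USERS_XML = """
<tomcat-users>
  <role rolename="certrole"/>
  <user username="ignoreAndCheckInWebApp" password="nopass" roles="certrole"/>
</tomcat-users>
"""


def _strip_namespaces(root):
    """Turn '{uri}name' tags into 'name' so lookups ignore the web-app namespace."""
    for el in root.iter():
        el.tag = el.tag.rsplit("}", 1)[-1]
    return root


def defined_roles(tomcat_users_xml):
    """Role names declared with <role rolename="..."/> in tomcat-users.xml."""
    root = _strip_namespaces(ET.fromstring(tomcat_users_xml))
    return {r.get("rolename") for r in root.iter("role")}


def audit_constraints(web_xml, known_roles):
    """Return {url-pattern: (access, required_roles, undefined_roles)}."""
    root = _strip_namespaces(ET.fromstring(web_xml))
    report = {}
    for sc in root.iter("security-constraint"):
        auth = sc.find("auth-constraint")
        roles = [] if auth is None else [r.text.strip() for r in auth.findall("role-name")]
        if auth is None:
            access = "open"          # no auth-constraint: no authentication required
        elif not roles:
            access = "deny-all"      # empty auth-constraint: nobody may access
        elif "*" in roles or "**" in roles:
            access = "any-authenticated"
        else:
            access = "role-restricted"
        undefined = sorted(set(roles) - known_roles - {"*", "**"})
        for wrc in sc.iter("web-resource-collection"):
            for up in wrc.findall("url-pattern"):
                report[up.text.strip()] = (access, roles, undefined)
    return report


if __name__ == "__main__":
    report = audit_constraints(WEB_XML, defined_roles(TOMCAT_USERS_XML))
    for pattern, (access, roles, undefined) in report.items():
        line = f"{pattern:30} {access:18} roles={roles}"
        if undefined:
            line += f"  WARNING: not defined in tomcat-users.xml: {undefined}"
        print(line)
```

Run it against real files by reading them with open() in place of the inline strings. Note that this only checks the declarative side: with CLIENT-CERT the realm (or, in the thread's setup, the custom valve) decides which principal and roles a presented certificate maps to, so a role that tomcat-users.xml declares is still only granted if that mapping assigns it.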