Hello, I'm running into problems when I try to configure Tomcat to
validate the client by its HTTPS cert with big requests. I'm using it
with forms, and when I send the form to the server with big
(10-15Kbytes) requests it fails, but when I send small (90 bytes)
requests it works.

I have a security constraint in the web.xml:
<security-constraint>
        <web-resource-collection>
                <web-resource-name>Mutual auth</web-resource-name>
                <url-pattern>/page1.htm</url-pattern>
                <url-pattern>/page2.htm</url-pattern>
        </web-resource-collection>
        <auth-constraint>
                <role-name>clientHttpsRole</role-name>
        </auth-constraint>
        <user-data-constraint>
                <transport-guarantee>
                        CONFIDENTIAL
                </transport-guarantee>
        </user-data-constraint>
</security-constraint>
<login-config>
        <auth-method>CLIENT-CERT</auth-method>
</login-config>

<security-role>
        <role-name>clientHttpsRole</role-name>
</security-role>

and I created the user:
<user username="CN=WHATEVER" password="null" roles="clientHttpsRole"/>

Here is the snippet with the https connector from the server.xml:
   <Connector port="8443"
         maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
         enableLookups="false" disableUploadTimeout="true"
         acceptCount="100" debug="0" scheme="https" secure="true"
         clientAuth="false" sslProtocol="TLS" keystoreType="JKS"
         keystoreFile="keystore" keystorePass="password"
         truststoreFile="keystore" truststorePass="password"/>



What worries me is that it works fine when I set the https connector
with clientAuth="true".




--

Sincerely,
Nicolás Velásquez O.
Bogotá, Colombia

(^)   ASCII Ribbon Campaign
 X    NO HTML/RTF in e-mail
/ \   NO Word docs in e-mail


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
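
A likely explanation for the symptom, as an added example that is not part of the original post: with clientAuth="false" Tomcat asks for the certificate only after it has seen a request for a protected URL, and the request body it has to buffer during that TLS renegotiation is capped by the connector's maxSavePostSize attribute (4096 bytes by default). The check below applies that rule to constructed copies of the posted fragments; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed inputs that mirror the fragments quoted in the post
# (no XML namespace on web-app; real descriptors usually declare one).
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/page1.htm</url-pattern>
      <url-pattern>/page2.htm</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>clientHttpsRole</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>CLIENT-CERT</auth-method></login-config>
</web-app>"""
CONNECTOR = '<Connector port="8443" scheme="https" secure="true" clientAuth="false"/>'

DEFAULT_MAX_SAVE_POST_SIZE = 4096  # bytes; Tomcat's documented default


def cert_protected_patterns(web_xml):
    """URL patterns that demand a client certificate under CLIENT-CERT."""
    root = ET.fromstring(web_xml)
    if (root.findtext("login-config/auth-method") or "").strip() != "CLIENT-CERT":
        return []
    return [p.text.strip()
            for c in root.iter("security-constraint")
            if c.find("auth-constraint") is not None
            for p in c.iter("url-pattern")]


def diagnose(web_xml, connector_xml, body_size):
    """Return 'ok' or 'at-risk' for a POST of body_size bytes to a protected URL."""
    conn = ET.fromstring(connector_xml)
    # Only clientAuth="false" defers the certificate request until a protected
    # URL is hit; "true" and "want" ask for it during the initial handshake.
    deferred = conn.get("clientAuth", "false").strip().lower() == "false"
    if not cert_protected_patterns(web_xml) or not deferred:
        return "ok"
    # While the TLS session is renegotiated, Tomcat must hold the request body
    # in memory, bounded by maxSavePostSize (-1 disables the limit).
    limit = int(conn.get("maxSavePostSize", DEFAULT_MAX_SAVE_POST_SIZE))
    return "ok" if limit < 0 or body_size <= limit else "at-risk"


if __name__ == "__main__":
    for size in (90, 15000):
        print(size, diagnose(WEB_XML, CONNECTOR, size))
```

The two sizes are the ones reported in the post; raising maxSavePostSize on the connector, or keeping clientAuth="true", are the two settings that change the outcome for the large request.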