Fantastic, thanks; I will investigate this approach, as well.

-- Jim Wong ([EMAIL PROTECTED])

-----Original Message-----
From: Hubble, Christopher [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 14, 2004 2:13 PM
To: '[EMAIL PROTECTED]'
Subject: RE: SSL Client Auth with Tomcat and Axis

FWIW, as I haven't done that, AFAIK, yes and yes.

Chris

-----Original Message-----
From: Jim Wong [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 14, 2004 5:15 PM
To: [EMAIL PROTECTED]
Subject: RE: SSL Client Auth with Tomcat and Axis

Thanks, that's an interesting approach and one I'd considered. What wasn't clear to me was whether you could use Tomcat's roles to control access to particular web services. For example, suppose I wanted to expose one operation to all users:

    QueryData queryDatabase(searchKey);

But I only wanted to expose another operation to other users:

    void deleteData(searchKey)

Can I use Tomcat to differentiate between these operations without deploying multiple copies of the web app? Can I assume that every service I publish will have a distinct URL that I can use for access control?

Thanks again...

-- Jim Wong ([EMAIL PROTECTED])

-----Original Message-----
From: Hubble, Christopher [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 14, 2004 9:44 AM
To: '[EMAIL PROTECTED]'
Subject: RE: SSL Client Auth with Tomcat and Axis

You should probably use Tomcat's roles and do user security that way. Have client auth to ensure it's a trusted machine, and then the roles to determine the user info.

Chris

-----Original Message-----
From: Jim Wong [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 14, 2004 12:45 PM
To: [EMAIL PROTECTED]
Subject: RE: SSL Client Auth with Tomcat and Axis

Thanks for the response. We're primarily interested in extracting the subject name from the certificate, so that we can use it to authorize some users to use specific resources and other users to use other resources. Is this doable, or is there a better way?
-- Jim Wong ([EMAIL PROTECTED])

-----Original Message-----
From: Hubble, Christopher [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 14, 2004 6:17 AM
To: '[EMAIL PROTECTED]'
Subject: RE: SSL Client Auth with Tomcat and Axis

What kind of information do you want to get from the cert?

Chris

-----Original Message-----
From: Jim Wong [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 13, 2004 7:52 PM
To: [EMAIL PROTECTED]
Subject: SSL Client Auth with Tomcat and Axis

On a somewhat related note, I'm just getting started on trying to build an application using Axis, Tomcat and SSL. I would like to use client authentication, but I haven't been able to find documentation that explains how (assuming it's possible) one could access information from the client's certificate from within a web service or handler. Am I missing something blindingly obvious? As I mentioned, I'm new to this, so it's distinctly possible...

-- Jim Wong ([EMAIL PROTECTED])

-----Original Message-----
From: Hubble, Christopher [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 12, 2004 5:58 AM
To: '[EMAIL PROTECTED]'
Subject: RE: 2 way SSL with Axis and Tomcat as a Service

I pretty much used this guide (and the new chapter it links to) to do it.

http://www.pankaj-k.net/WSOverSSL/WSOverSSL-HOWTO.html

Pretty much everything you need to know is in the SSL section of the new chapter. It starts on page 16 of the pdf. You gen your keystores and truststores, making sure to place them on the appropriate machines. Then change server.xml. I didn't use JCEKS and all of my stuff works. The hard part was installing Tomcat as a service with the truststore attribute set. For some reason, Tomcat doesn't let you set it in server.xml. Then you just modify your client to use https and include the keystore and truststore. Other than a typo, the CL version worked perfectly. I had to just play around with tomcat.exe to get it installed as a service, tho.
Chris

-----Original Message-----
From: Silvano Maffeis [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 12, 2004 2:30 AM
To: [EMAIL PROTECTED]
Subject: Re: 2 way SSL with Axis and Tomcat as a Service

Hubble, Christopher wrote:

>Welp, after much trial and tribulation, I finally got axis using 2 way ssl.
>This required me to custom set up tomcat as a service, and I finally
>got that working. Once I get my code all cleaned up, I'll post the
>relevant details.
>
>Chris

That would be much appreciated, thanks :-)

Silvano

This e-mail and any attachments may contain confidential and privileged information. If you are not the intended recipient, please notify the sender immediately by return e-mail, do not forward this email to any other person, delete this e-mail and destroy all copies. Any dissemination or use of this information by a person other than the intended recipient is unauthorized and may be illegal.
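
Added example, not part of the thread above and not code from any of its participants: one way an Axis 1.x service running under Tomcat's AxisServlet can read the verified client certificate's subject and use it to gate `deleteData` while leaving `queryDatabase` open to every trusted certificate. The class name, the allow-listed DN and the `String` return type (standing in for `QueryData`) are hypothetical; it assumes the connector requires client authentication.

```java
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import javax.servlet.http.HttpServletRequest;
import org.apache.axis.MessageContext;
import org.apache.axis.transport.http.HTTPConstants;

public class DataService {
    // Hypothetical allow-list of subjects permitted to call deleteData,
    // stored in canonical form so comparison is not case/spacing sensitive.
    private static final Set<String> DELETE_ALLOWED = new HashSet<String>(Arrays.asList(
        new X500Principal("CN=admin-client,O=Example Corp,C=US")
            .getName(X500Principal.CANONICAL)));

    /** Canonical subject DN of the TLS client certificate; throws if none was presented. */
    static String clientSubject() {
        MessageContext ctx = MessageContext.getCurrentContext();
        HttpServletRequest req = ctx == null ? null
            : (HttpServletRequest) ctx.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST);
        // The servlet container publishes the validated chain here, leaf first.
        X509Certificate[] chain = req == null ? null
            : (X509Certificate[]) req.getAttribute("javax.servlet.request.X509Certificate");
        if (chain == null || chain.length == 0) {
            throw new SecurityException("no client certificate on this connection");
        }
        return chain[0].getSubjectX500Principal().getName(X500Principal.CANONICAL);
    }

    public String queryDatabase(String searchKey) {
        clientSubject(); // any certificate the truststore accepts may query
        return "result for " + searchKey; // placeholder for the real lookup
    }

    public void deleteData(String searchKey) {
        String subject = clientSubject();
        // Match the whole canonical DN; a substring test such as
        // contains("cn=admin") can be satisfied by an unrelated certificate.
        if (!DELETE_ALLOWED.contains(subject)) {
            throw new SecurityException("subject not authorized for deleteData: " + subject);
        }
        // placeholder for the real delete
    }
}
```

The subject is only meaningful because Tomcat has already validated the chain against its truststore; if the connector merely requests rather than requires a certificate, the missing-certificate branch is what keeps unauthenticated callers out.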
