Re: Certificate Authentication for individual apps
Dear All My developer give me a .war file which I place it as jboss/server/default/deploy/test.war Thus I have around 5 .war placed in the server. All the apps are presently accessed using https://myorg.com:8080/test1/, https://myorg.com:8080/test2/ ... and so on. Next I want to implement client auth for certain apps. How do i go about it.?? Regards Thanks Mahesh S Kudva -Original Message- From: Bill Barker [EMAIL PROTECTED] To: tomcat-user@jakarta.apache.org Date: Fri, 1 Jul 2005 21:56:37 -0700 Subject: Re: Certificate Authentication for individual apps Mahesh S Kudva [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi All Thanks for the note. May be I was not clear in my earlier mail. I have client authentication using certificates. I want to skip client auth for certain hosted applications on the server but preserve client auth for other apps. On the Connector leave the 'clientAuth' attribute as 'false' (or use 'want', if you really want to be annoying :). Then in the webapps that care setup your web.xml files with something like: login-config auth-methodCLIENT-CERT/auth-method /login-config In this case, any page protected by a security-constraint will force the user to send a client-cert. Unfortunately, most of the production-quality Realms that ship with Tomcat don't support CLIENT-CERT auth. For 4.1.x = tcversion = 5.0.x, there is also a request attribute that you can use to do the same thing. If you need it, search the archives. Regards Thanks Mahesh S Kudva -Original Message- From: Paul Singleton [EMAIL PROTECTED] To: Tomcat Users List tomcat-user@jakarta.apache.org Date: Fri, 01 Jul 2005 15:32:12 +0100 Subject: Re: Certificate Authentication for individual apps Mahesh S Kudva wrote: How can I have different certificate authentication for different applications and skip certificate authentication for some applications hosted on the same server. I believe that, at least under SSL, certificates authenticate *servers* not applications, and that the Connector offers a certificate before it checks, or regardless of, the context path within that server. So you need to deploy each app at a different (virtual) host, each with a different IP address. We do this currently with 5.5.9. You can use the default keystore for all hosts, and use the (undocumented) keyAlias=myalias Connector attribute to offer the appropriate certificate for each host, e.g. Connector address=288.104.197.211 port=8443 scheme=https secure=true sslProtocol=TLS keyAlias=mrk2 / (in 5.5.9 you also need sslProtocol=TLS explicitly) Paul Singleton -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.323 / Virus Database: 267.8.8/35 - Release Date: 30/Jun/2005 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --- Robosoft Technologies - Partners in Product Development - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --- Robosoft Technologies - Partners in Product Development - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
servlet mapping and url
i want to invoke a servlet using url like http://localhost:8080 only i have done it using http://localhost:8080/index.html where index.html is a servlet. Is it possible to load this servlet as a default just like a default web page. The point is i want a servlet to recieve a request when url http://localhost:8080 is referenced i.e without the servlet name. is it possible? - Yahoo! Mail Mobile Take Yahoo! Mail with you! Check email on your mobile phone.
Re: servlet mapping and url
you can configure your web.xml file and make index.jsp file as an welcome file using, welcome-file-list welcome-fileindex.jsp/welcome-file /welcome-file-list now, create index.jsp file which will simply forward the request to your servlet! Rgds, Hardik --- s s [EMAIL PROTECTED] wrote: i want to invoke a servlet using url like http://localhost:8080 only i have done it using http://localhost:8080/index.html where index.html is a servlet. Is it possible to load this servlet as a default just like a default web page. The point is i want a servlet to recieve a request when url http://localhost:8080 is referenced i.e without the servlet name. is it possible? - Yahoo! Mail Mobile Take Yahoo! Mail with you! Check email on your mobile phone. Yahoo! Sports Rekindle the Rivalries. Sign up for Fantasy Football http://football.fantasysports.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: servlet mapping and url
Hi, I don't think there is any restriction to mapping a servlet to a welcome page: servlet servlet-nameMyServlet/servlet-name servlet-classcom.company.app.MyServlet/servlet-class /servlet servlet-mapping servlet-nameMyServlet/servlet-name url-pattern/myServlet/url-pattern /servlet-mapping welcome-file-list welcome-file/myServlet/welcome-file /welcome-file-list Also, I'm not as sure, put I think just mapping the servlet to / will do the trick as well. Both are easy enough to test though, give it a shot and post back your results for the archives. Frank s s wrote: i want to invoke a servlet using url like http://localhost:8080 only i have done it using http://localhost:8080/index.html where index.html is a servlet. Is it possible to load this servlet as a default just like a default web page. The point is i want a servlet to recieve a request when url http://localhost:8080 is referenced i.e without the servlet name. is it possible? - Yahoo! Mail Mobile Take Yahoo! Mail with you! Check email on your mobile phone. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Unauthorized users get 403
I have setup an application in tomcat 5.5.9 with FORM based authentication. Everything works, however, I've noticed that if a user successfully authenticates, but is not authorized by being in the specified role, they get the 403 not authorized page. I would prefer they just get the login page again. Is this possible? -Dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Unauthorized users get 403
you can configure web.xml file with following entry, error-page error-code403/error-code location/errorPage403.jsp/location /error-page you can show proper error message in errorPage403.jsp page or if u want to show login page then put 'login.jsp?error=403' as location and handle the passed parameter in login.jsp page Rgds, Hardik --- David Newman [EMAIL PROTECTED] wrote: I have setup an application in tomcat 5.5.9 with FORM based authentication. Everything works, however, I've noticed that if a user successfully authenticates, but is not authorized by being in the specified role, they get the 403 not authorized page. I would prefer they just get the login page again. Is this possible? -Dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Embedded example
Hi Can someone tell me where to find an example with tomcat 5.5 embedded? It seems there is nothing... Or even better: Is there a way to use the http(s) connector without tomcat? I want to direct ALL requests to ONE pure servlet and there do not need most parts of tomcat. Regards, Steffen smime.p7s Description: S/MIME cryptographic signature
