RE: Client authentication and customized error pages

2004-03-18 Thread Carlos Guardiola
(Hi everyone! Here I am again, asking for some help about https
authentication and custom error pages.)

Dear Mr. Bill Barker,

We've used clientAuth=want as you suggested; and now we've managed to
know that a client tried to access the application without a valid
certificate. That is OK, and we thank you very much.

But when we try to launch a customized error page, a new error happens. It
seems that the connection with the remote browser is broken. Who closed it?
When? How? The point is that we can't return our error page...

I've seen that Mr. Alain Baucant has been working with the same problem.
Maybe he could help us.

Thanks in advance,

Carlos Guardiola


PS-

We've got the stacktrace in our catalina.out; it's quite large, I think I'm
gonna send you a shorter one ;-)

ADVERTENCIA: Exception getting SSL Cert
java.net.SocketException: Socket Closed
    at java.net.PlainSocketImpl.setOption(PlainSocketImpl.java:177)
    at java.net.Socket.setSoTimeout(Socket.java:924)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.setSoTimeout(DashoA6275)
    at org.apache.tomcat.util.net.jsse.JSSE14Support.synchronousHandshake(JSSE14Support.java:137)
    at org.apache.tomcat.util.net.jsse.JSSE14Support.handShake(JSSE14Support.java:105)
    at org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:163)
    at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:1082)
()
(Sysdate) org.apache.tomcat.util.net.jsse.JSSE14Support synchronousHandshake
INFO: SSL Error getting client Certs
javax.net.ssl.SSLProtocolException: handshake alert: no_certificate
    at com.sun.net.ssl.internal.ssl.SunJSSE_aw.b(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
    at java.io.InputStream.read(InputStream.java:89)
    at org.apache.tomcat.util.net.jsse.JSSE14Support.synchronousHandshake(JSSE14Support.java:126)
    at org.apache.tomcat.util.net.jsse.JSSE14Support.handShake(JSSE14Support.java:105)
()
(Sysdate) org.apache.coyote.http11.Http11Processor action
ADVERTENCIA: Exception getting SSL Cert
javax.net.ssl.SSLProtocolException: handshake alert: no_certificate
    at com.sun.net.ssl.internal.ssl.SunJSSE_aw.b(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
    at java.io.InputStream.read(InputStream.java:89)
    at org.apache.tomcat.util.net.jsse.JSSE14Support.synchronousHandshake(JSSE14Support.java:126)
()

Here is the access log; it seems that it's trying to get the Error 400
page...

(client IP) - - [(Sysdate)] GET /(app. directory)/ HTTP/1.1 400 45

 

-Original message-
From: news [mailto:[EMAIL PROTECTED] On behalf of Bill Barker
Sent: Friday, 05 March 2004 3:20
To: [EMAIL PROTECTED]
Subject: Re: Client authentication and customized error pages

Using clientAuth=true, the error happens too early to be able to invoke an
error-page.  You might try using clientAuth=want instead.  In this case,
the user still gets prompted for a cert, but the request continues if she
hits cancel.  It is then the responsibility of your webapp to handle the
case where there is no cert sent.

Carlos Guardiola [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]

 Hi everyone!
 I'm using SSL client authentication in a tomcat 5.0.19. Everything goes
 fine, but I need some help customizing error pages.

 When a client wants to use my application, the browser asks him to choose
 a valid certificate, but perhaps he hasn't a valid one. If he doesn't
 have a certificate, the client authentication can't be done, so my
 application is never invoked. O.K.

 So, the browser shows a page not found error, which isn't one of my
 application's customized error pages (as my application has never been
 invoked). How can I customize that error page, in order to show
 something like you need a valid certificate?

 I've created my own ErrorReportValve, used in the
 errorReportValveClass directive of the Host in my tomcat's server.xml.
 But it also seems not being invoked...

 Any help will be useful, thanks in advance,

 Carlos




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
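
One way a webapp could take on the responsibility described in Bill Barker's reply (clientAuth=want, request continues without a cert), as an added example that is not code from the thread. The class name RequireClientCertFilter, the init parameter errorPage and the path /certRequired.jsp are assumptions; the request attribute name is the standard one from the Servlet specification.

```java
import java.io.IOException;
import java.security.cert.X509Certificate;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical filter: denies requests that arrive without a client certificate. */
public class RequireClientCertFilter implements Filter {

    // Servlet-spec attribute under which the container exposes the client chain.
    private static final String CERT_ATTR = "javax.servlet.request.X509Certificate";

    // Assumed location of the application's own "certificate required" page.
    private String errorPage = "/certRequired.jsp";

    public void init(FilterConfig cfg) {
        String configured = cfg.getInitParameter("errorPage");
        if (configured != null) {
            errorPage = configured;
        }
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        X509Certificate[] certs = (X509Certificate[]) req.getAttribute(CERT_ATTR);

        // Default deny: only an SSL request carrying at least one certificate passes.
        if (req.isSecure() && certs != null && certs.length > 0) {
            chain.doFilter(req, res);
            return;
        }

        // No certificate was sent (the user cancelled the browser prompt):
        // answer 403 with the application's page instead of the protected resource.
        HttpServletResponse http = (HttpServletResponse) res;
        http.setStatus(HttpServletResponse.SC_FORBIDDEN);
        req.getRequestDispatcher(errorPage).forward(req, res);
    }

    public void destroy() {
    }
}
```

The filter would be mapped in web.xml to the protected URL patterns; under Servlet 2.4 a filter mapping applies only to direct requests by default, so the forward to the error page is not filtered again.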





Client authentication and customized error pages

2004-03-04 Thread Carlos Guardiola

Hi everyone! 
I'm using SSL client authentication in a tomcat 5.0.19. Everything goes
fine, but I need some help customizing error pages.

When a client wants to use my application, the browser asks him to choose
a valid certificate, but perhaps he hasn't a valid one. If he doesn't
have a certificate, the client authentication can't be done, so my
application is never invoked. O.K.

So, the browser shows a page not found error, which isn't one of my
application's customized error pages (as my application has never been
invoked). How can I customize that error page, in order to show
something like you need a valid certificate?

I've created my own ErrorReportValve, used in the
errorReportValveClass directive of the Host in my tomcat's server.xml.
But it also seems not being invoked...

Any help will be useful, thanks in advance,

Carlos





worker never responding

2001-09-13 Thread Carlos Guardiola

Hi everyone

We've got Apache 1.3.20 with Tomcat 3.2.3. Our web server is
running in port 8082. We are able to start both services,
and use properly the services for a while, but, without any
error the jsp pages are no longer working.

This is what we get in jk.log:
***

[jk_uri_worker_map.c (345)]: Into jk_uri_worker_map_t::map_uri_to_worker
[jk_uri_worker_map.c (435)]: jk_uri_worker_map_t::map_uri_to_worker, done without a match
[jk_uri_worker_map.c (345)]: Into jk_uri_worker_map_t::map_uri_to_worker
[jk_uri_worker_map.c (435)]: jk_uri_worker_map_t::map_uri_to_worker, done without a match
[jk_uri_worker_map.c (345)]: Into jk_uri_worker_map_t::map_uri_to_worker
[jk_uri_worker_map.c (435)]: jk_uri_worker_map_t::map_uri_to_worker, done without a match
[jk_uri_worker_map.c (345)]: Into jk_uri_worker_map_t::map_uri_to_worker
[jk_uri_worker_map.c (407)]: jk_uri_worker_map_t::map_uri_to_worker, Found a match ajp13
[jk_worker.c (123)]: Into wc_get_worker_for_name ajp13
[jk_worker.c (127)]: wc_get_worker_for_name, done  found a worker
[jk_ajp13_worker.c (654)]: Into jk_worker_t::get_endpoint
[jk_ajp13_worker.c (539)]: Into jk_endpoint_t::service
[jk_ajp13.c (346)]: Into ajp13_marshal_into_msgb
[jk_ajp13.c (480)]: ajp13_marshal_into_msgb - Done
[jk_connect.c (108)]: Into jk_open_socket
[jk_connect.c (115)]: jk_open_socket, try to connect socket = 8
[jk_connect.c (124)]: jk_open_socket, after connect ret = 0
[jk_connect.c (132)]: jk_open_socket, set TCP_NODELAY to on
[jk_connect.c (140)]: jk_open_socket, return, sd = 8
[jk_ajp13_worker.c (167)]: In jk_endpoint_t::connect_to_tomcat, connected sd = 8
***

Then, every time we request a new page, then we get the next
log:
*
[jk_uri_worker_map.c (407)]: jk_uri_worker_map_t::map_uri_to_worker, Found a match ajp13
[jk_worker.c (123)]: Into wc_get_worker_for_name ajp13
[jk_worker.c (127)]: wc_get_worker_for_name, done  found a worker
[jk_ajp13_worker.c (654)]: Into jk_worker_t::get_endpoint
[jk_ajp13_worker.c (539)]: Into jk_endpoint_t::service
[jk_ajp13.c (346)]: Into ajp13_marshal_into_msgb
[jk_ajp13.c (480)]: ajp13_marshal_into_msgb - Done
 a match ajp13_map.c (407)]:
jk_uri_worker_map_t::map_uri_to_worker,
Found

*

We haven't found anything wrong in our configuration files,
please, could anyone of you help us?
Thank you,
Carlos

--

Carlos L. Guardiola Ortuño
Departamento de Desarrollo
SATEC, S.A.
Avda. Europa, 34 A
28023 MADRID

e-mail:[EMAIL PROTECTED]
http://www.satec.es
Tfno. : +34 91 7089000
Fax.  : +34 91 7089090