Client authentication using Keystores...

2005-06-07 Thread Manuel Gil Perez

Hi all,

I would like to enrol my server to accept authenticated connections from 
authorized parties using X.509 certificates. I follow the instructions 
indicated in SSL Configuration HOW-TO 
(http://jakarta.apache.org/tomcat/tomcat-5.5-doc/ssl-howto.html) and I 
generate my keystore file with the certificate/private key of the web server 
and the CA certificate.


The client authentication only works if I add the CA certificate into the 
$JAVA_HOME/jre/lib/security/cacerts. If the Tomcat keystore contains the CA 
certificate but not the JDK keystore... the client authentication fails.


Can somebody tell me how I can manage these keystores and add only the CA 
certificate to the Tomcat keystore... leaving the original JDK keystore 
intact??


Thanks!

--
Manuel Gil Pérez 




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Change the name of a servlet in runtime

2003-11-20 Thread Manuel Gil Perez
Hi all.

I have a servlet that reads a file from disk and returns it as an output stream
in the servlet (octet-stream). From the web browser, when I execute this
servlet the file is stored with the servlet name. How can I change this name
to the file name??

Regards...

   Manuel Gil.

---

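  // Stream the raw file bytes back to the browser as a binary download
  ServletOutputStream toClient = response.getOutputStream();
  response.setContentType("application/octet-stream");
  toClient.write(file_bytes);  // file_bytes: contents of the file read from disk
  toClient.close();
  return;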





Two Realms for client authentication

2003-02-28 Thread Manuel Gil Perez
Hi.

Can I use two Realms for client authentication?? I would like to define a 
set of servlets that uses a Realm and another set of servlets that uses 
another Realm. Can I do this??

Regards.



Read parameters from web.xml

2003-02-24 Thread Manuel Gil Perez
Hi all.

I'm creating my own JNDIRealm and I would like to read the parameters from 
the $CATALINA_HOME/webapps/example/WEB-INF/web.xml file.

How can I read these parameters??

Regards.



CLIENT-CERT authentication method

2003-02-10 Thread Manuel Gil Perez
Hi all.

Currently (in Tomcat 4.1.18), is the CLIENT-CERT authentication method defined 
within a Realm??

Regards.

--

<login-config>
  <auth-method>CLIENT-CERT</auth-method>
  <realm-name>OnJava Application</realm-name>
</login-config>





CLIENT-CERT for client authentication (with MemoryRealm)

2003-02-07 Thread Manuel Gil Perez
Hi all.

Currently, I have a secure web application with Apache + mod_ssl and it 
does work fine. I would like to change to Tomcat with security constraints for 
directories (with client authentication). For this, I would like to protect 
a resource with a MemoryRealm. I'm following these steps:
1. Open tomcat/conf/server.xml and uncomment the following line:
 <Realm className="org.apache.catalina.realm.MemoryRealm"/>
2. Open tomcat/webapps/demo/WEB-INF/web.xml to add the following security 
constraint:
 <security-constraint>
   <web-resource-collection>
     <web-resource-name>OnJava</web-resource-name>
     <url-pattern>/dirDemo/*</url-pattern>
   </web-resource-collection>
   <auth-constraint>
     <role-name>tomcat</role-name>
   </auth-constraint>
 </security-constraint>
 <login-config>
   <auth-method>CLIENT-CERT</auth-method>
   <realm-name>OnJava</realm-name>
 </login-config>

3. In tomcat/conf/tomcat-users.xml I have the following user:
 <user username="CN=anon, OU=OU test, O=O test, C=ES" password="" roles="tomcat"/>
The username is the same as the certificate's distinguished name.
Stop and restart the Tomcat server. When I open the URL: 
https://localhost:8443 I obtain the error: HTTP Status 403 - Cannot 
authenticate with the provided credentials

Can somebody help me with my error??

Thanks in advance and regards.

--

Tomcat: version 4.1.18 with SSL
OS: Red Hat 7.3



--
  Manuel Gil Pérez - Proyecto m-PISCIS
  DIIC - Dpto. Ingeniería de la Información y las Comunicaciones
  Facultad de Informática - Universidad de Murcia (Spain)
  Tfo: +34 968228258

  ANTS Research Group - http://ants.dif.um.es