-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Sushil,
On 10/29/13, 4:27 AM, Mark Thomas wrote:
On 29/10/2013 05:57, Sushil Prusty wrote:
Hi All,
In server.xml i need to setup clientauth value dynamically .Is
there any java apace api available to set value at runtime or any
other alternative option ?
Connector clientAuth=false ...
The behaviour varies by connector.
The BIO connector uses the value for clientAuth when the server
socket is created and doesn't update it. It looks like it should be
possible to update it dynamically but the code doesn't do that.
The NIO connector uses the value for clientAuth at the point where
the client makes a connection. Therefore dynamic updates to
clientAuth (e.g. via JMX) should take effect with the next
attempted connection.
The APR connector uses a different attribute so I guess you aren't
using it. For completeness, it uses the value when the server
socket is created and doesn't update it. It might be possible to
update it dynamically but the code doesn't do that.
Another option is to set clientAuth=want and then implement the
cert-checking yourself.
See a post of mine from the archives that includes the
relatively-simple Java code to check the certificate chain (note that
it's not using OCSP or anything like that):
http://markmail.org/message/kzxsamuiu6bldjmv
- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.15 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBCAAGBQJScAIHAAoJEBzwKT+lPKRYxFEP/3jxMblvqFDjk0/1VTLm6UUz
UdJqpZZBxkMgXnv91zslAMDNfUh/HcG8mjsyNPhKQNenYz9kT4hmoGNaszpZD3cX
64NQbDAvAxwKGFZHaQTSqH/0C9v1aZ97efrl+cagGhnPhZ50S+RCY3u5iD+btSQD
p/uLzhaX46aiEbj6cxxWO13IZMLT42nTeGlyglGb5rHgdGZ8Uc/DBTGXus1dBGrK
wrWzSQunOvVv3ZddmIwwxfrW9b/uuUMf6l0F28kp2aNhd0e4LfpxohtgfW7iO22h
wzuwtqRqCphkAHQ2rUMnlcdG3pSSKZMvJb2TnmeLhNrkc80NHDLG2w1YhKPJdJ3S
GN8ZQDpCHvHwoH2Duh23HSqrcAX1NPb9Jhr1Et3Wnf1YYV1eSRPX8fOSBUJVw/bj
AYoppMy37C+Za8H+Bf8MsoAjZVSyRsADLbxX4h7dVDZZpE5hXtgBmtsWNsGxNXmC
qdhLdpueMV2Pprm0jkcL9IuUjVvzwmEuzV9U9byiNjLsSU624OKp/hKZdIYbEWDM
bBFR4+Ahv/IFpLdquTjtf/b/XgG5KCKRRoShLvnUjRTx/N5AHigpbXmskPY96a39
VoEgzC8RruEB0P6J9TOmwjGN7eMt9+WW6Y3SuOrDX4R6tV8lyRKqvUQHuL1CZm+k
+C8Ps/w8y8Tl7JW7WBw4
=n0Y7
-END PGP SIGNATURE-
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org