Which version of Tomcat are you using?

Mark

> -----Original Message-----
> From: Idoia Murua Belacortu [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, March 23, 2004 5:00 PM
> To: Tomcat Users List
> Subject: RE: tomcat certificate
>
> I have configured the files as you said in the e-mail, but when I start
> Tomcat I get the following error in "catalina.out" file:
>
> Exception creating UserDatabase MBeans for UserDatabase
> javax.management.MalformedObjectNameException: Invalid character '=' in value part of property
>
> And it is because of the following property value in the "tomcat-users.xml"
> file:
> username="CN=Mark Thomas, OU=WWW, O=XXX, L=YYY, ST=ZZZ, C=GB"
> It seems tomcat does not like the '=' character inside a property value.
> I have also tried writing:
> username="CN\=Mark Thomas, OU\=WWW, O\=XXX, L\=YYY, ST\=ZZZ, C\=GB"
> But I still get the same error.
>
> Don't you get the same error message? How can I avoid this?
>
> Thanks in advance and regards,
> Idoia
>
> From: "Mark Thomas" <[EMAIL PROTECTED]
> To: "'Tomcat Users List'" <[EMAIL PROTECTED]>
> Subject: RE: tomcat certificate
> Date: 18/03/04 20:46
> Please reply to "Tomcat Users List"
>
> The important files are:
>
> server.xml:
> <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
>            port="8443" minProcessors="5" maxProcessors="75"
>            enableLookups="true"
>            acceptCount="100" debug="0" scheme="https" secure="true"
>            useURIValidationHack="false"
>            disableUploadTimeout="true">
>   <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
>            keystoreFile="conf/.keystore"
>            clientAuth="false" protocol="TLS" />
> </Connector>
> ...
> <Realm className="org.apache.catalina.realm.MemoryRealm" />
>
> tomcat-users.xml:
> <user username="CN=Mark Thomas, OU=WWW, O=XXX, L=YYY, ST=ZZZ, C=GB"
>       password="null" roles="tomcat,certs"/>
>
> web.xml:
> <?xml version="1.0" encoding="ISO-8859-1"?>
>
> <!DOCTYPE web-app
>     PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
>     "http://java.sun.com/dtd/web-app_2_3.dtd">
>
> <web-app>
>
>   <display-name>Bug 12218</display-name>
>   <description>
>     Test web app for bug 12218.
>   </description>
>
>   <security-constraint>
>     <web-resource-collection>
>       <web-resource-name>App</web-resource-name>
>       <url-pattern>/protected.jsp</url-pattern>
>     </web-resource-collection>
>     <auth-constraint>
>       <role-name>tomcat</role-name>
>     </auth-constraint>
>     <user-data-constraint>
>       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>     </user-data-constraint>
>   </security-constraint>
>
>   <login-config>
>     <auth-method>CLIENT-CERT</auth-method>
>   </login-config>
>
>   <security-role>
>     <role-name>tomcat</role-name>
>   </security-role>
>
> </web-app>
>
> The steps I tend to follow when setting this sort of thing up are:
> 1. Build simple two page web app.
> 2. Configure one page to require basic authentication
> 3. Test basic auth - checks tomcat-users.xml and realm set up correctly
> 4. Configure SSL
> 5. Test http://localhost:8443/ - checks SSL set up
> 6. Test app with SSL - not really necessary but best to double check
> 7. Reconfigure app to use CLIENT-CERT
>
> > -----Original Message-----
> > From: Idoia Murua Belacortu [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, March 18, 2004 8:01 AM
> > To: Tomcat Users List
> > Subject: RE: tomcat certificate
> >
> > Could you send us a sample of that "web.xml" file?
> > I am also using client certificates over SSL with Tomcat, but as I could
> > not find much information about it in Tomcat I configured it with Apache.
> >
> > Idoia
> >
> > From: "Mark Thomas" <[EMAIL PROTECTED]
> > To: "'Tomcat Users List'" <[EMAIL PROTECTED]>
> > Subject: RE: tomcat certificate
> > Date: 17/03/04 21:22
> > Please reply to "Tomcat Users List"
> >
> > This is not correct. Tomcat does support CLIENT-CERT authentication
> > 'out-of-the-box'. When combined with appropriate authorisation constraints
> > in web.xml you can limit access to specific URLs.
> >
> > I have this working quite happily.
> >
> > Mark
> >
> > > -----Original Message-----
> > > From: Rommel Sharma [mailto:[EMAIL PROTECTED]
> > > Sent: Monday, February 23, 2004 11:28 AM
> > > To: Tomcat Users List
> > > Subject: Re: tomcat certificate
> > >
> > > Tomcat as such on its own does not parse and validate a certificate.
> > > I don't think it's possible. You can identify a client through the
> > > certificate alias the client uses.
> > > Access to specific URLs depends on the server certificate where you specify
> > > the URL and send the client your public key.
> > > I think there is no automatic mechanism in Tomcat that studies the
> > > certificate and allows access to specific URLs. This needs to be implemented
> > > by any our deployed programs.
> > >
> > > ----- Original Message -----
> > > From: "secam secam" <[EMAIL PROTECTED]>
> > > To: "Tomcat Users List" <[EMAIL PROTECTED]>
> > > Sent: Monday, February 23, 2004 4:17 PM
> > > Subject: Re: tomcat certificate
> > >
> > > > Thanks,
> > > >
> > > > Here is my real problem,
> > > >
> > > > I've got an external server that authenticate user and deliver a
> > > > certificate with the trio User/Group/Role.
> > > >
> > > > In fact, I just want that the certificate give information of the user to
> > > > tomcat in order to permit the access to some specific URLs.
> > > >
> > > > Is it possible?
> > > >
> > > > Regards
> > > >
> > > > Secam
> > > >
> > > > Rommel Sharma <[EMAIL PROTECTED]> wrote:
> > > > If you mean two way authentication using SSL, then you have to write the
> > > > code that reads clients certificate and matches it with one present in
> > > > client keystore on the server. You enable client authentication in
> > > > server.xml for this and specify the serverkeystore and password in it.
> > > > Regards,
> > > > Rommel Sharma.
> > > >
> > > > ----- Original Message -----
> > > > From: "secam secam"
> > > > To:
> > > > Sent: Monday, February 23, 2004 3:30 PM
> > > > Subject: tomcat certificate
> > > >
> > > > > hello,
> > > > >
> > > > > I'm a new user of tomcat.
> > > > > Can tomcat authenticate a user with a certificate?
> > > > >
> > > > > Thanks,
> > > > > Secam
> >
> > Idoia Murua Belacortu
> > Dpto. de Sistemas de Información y Telecomunicaciones
> > Information Systems & Telecommunications Dept.
> > ROBOTIKER, Corporación Tecnológica TECNALIA.
> > Parque Tecnológico, Edificio 202. E-48170 Zamudio (Bizkaia) (SPAIN).
> > Tel: (34) 94 600 22 66. Fax: (34) 94 600 22 99
> > [EMAIL PROTECTED], www.robotiker.com
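
The MalformedObjectNameException quoted in the thread comes from JMX object-name parsing, where an unquoted property value may not contain '=', ',' or ':'. The following is an added example, not code from the thread or from Tomcat; the "Users" domain and the "type"/"username" keys are hypothetical names chosen for illustration. It runs the certificate subject DN from the thread through javax.management.ObjectName three ways: raw, with the backslash escaping that was tried, and as a JMX quoted value.

```java
import javax.management.MalformedObjectNameException;
import javax.management.ObjectName;

public class DnObjectNameDemo {

    // Constructed sample: the subject DN used as the username in the
    // tomcat-users.xml entry quoted in the thread.
    static final String DN = "CN=Mark Thomas, OU=WWW, O=XXX, L=YYY, ST=ZZZ, C=GB";

    // Builds an ObjectName whose "username" property carries the given value.
    // Returns the canonical name, or the parser's message if it is rejected.
    // The domain "Users" and key "type=User" are hypothetical.
    static String tryName(String usernameValue) {
        try {
            ObjectName name =
                new ObjectName("Users:type=User,username=" + usernameValue);
            return "accepted: " + name.getCanonicalName();
        } catch (MalformedObjectNameException e) {
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // 1. Raw DN: '=' and ',' appear in an unquoted property value.
        System.out.println(tryName(DN));

        // 2. Backslash escaping, as tried in the thread. Backslash has no
        //    meaning in an unquoted JMX value, so '=' is still present.
        System.out.println(tryName(DN.replace("=", "\\=")));

        // 3. JMX quoted value: ObjectName.quote() wraps the string in
        //    double quotes and escapes the characters that need it.
        System.out.println(tryName(ObjectName.quote(DN)));
    }
}
```

The rejection happens when the MBean name is built, not when tomcat-users.xml is parsed, which is why changing the escaping inside the XML attribute does not change the error.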
