We are using Tomcat 5.0.19 over Linux.

Idoia

From: "Mark Thomas" <[EMAIL PROTECTED]>
To: "'Tomcat Users List'" <[EMAIL PROTECTED]>
cc:
Subject: RE: tomcat certificate
Date: 23/03/04 20:32
Please reply to: "Tomcat Users List"

Which version of Tomcat are you using?

Mark

> -----Original Message-----
> From: Idoia Murua Belacortu [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, March 23, 2004 5:00 PM
> To: Tomcat Users List
> Subject: RE: tomcat certificate
>
>
> I have configured the files as you said in the e-mail, but when I start
> Tomcat I get the following error in "catalina.out" file:
>  Exception creating UserDatabase MBeans for UserDatabase
>  javax.management.MalformedObjectNameException: Invalid character '=' in
>  value part of property
>
> And it is because of the following property value in the "tomcat-users.xml"
> file:
> username="CN=Mark Thomas, OU=WWW, O=XXX, L=YYY, ST=ZZZ, C=GB"
> It seems tomcat does not like the '=' character inside a property value.
> I have also tried writing:
> username="CN\=Mark Thomas, OU\=WWW, O\=XXX, L\=YYY, ST\=ZZZ, C\=GB"
> But I still get the same error.
>
> Don't you get the same error message? How can I avoid this?
>
> Thanks in advance and regards,
> Idoia
>
> From: "Mark Thomas" <[EMAIL PROTECTED]>
> To: "'Tomcat Users List'" <[EMAIL PROTECTED]>
> cc:
> Subject: RE: tomcat certificate
> Date: 18/03/04 20:46
> Please reply to: "Tomcat Users List"
>
> The important files are:
> server.xml:
>     <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
>                port="8443" minProcessors="5" maxProcessors="75"
>                enableLookups="true"
>                acceptCount="100" debug="0" scheme="https" secure="true"
>                useURIValidationHack="false" disableUploadTimeout="true">
>       <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
>                keystoreFile="conf/.keystore"
>                clientAuth="false" protocol="TLS" />
>     </Connector>
> ...
>     <Realm className="org.apache.catalina.realm.MemoryRealm" />
>
> tomcat-users.xml:
>   <user username="CN=Mark Thomas, OU=WWW, O=XXX, L=YYY, ST=ZZZ, C=GB"
>         password="null" roles="tomcat,certs"/>
>
> web.xml:
> <?xml version="1.0" encoding="ISO-8859-1"?>
>
> <!DOCTYPE web-app
>     PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
>     "http://java.sun.com/dtd/web-app_2_3.dtd">
>
> <web-app>
>
>     <display-name>Bug 12218</display-name>
>     <description>
>       Test web app for bug 12218.
>     </description>
>
>     <security-constraint>
>         <web-resource-collection>
>             <web-resource-name>App</web-resource-name>
>             <url-pattern>/protected.jsp</url-pattern>
>         </web-resource-collection>
>         <auth-constraint>
>             <role-name>tomcat</role-name>
>         </auth-constraint>
>         <user-data-constraint>
>             <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>         </user-data-constraint>
>     </security-constraint>
>
>     <login-config>
>       <auth-method>CLIENT-CERT</auth-method>
>     </login-config>
>
>     <security-role>
>       <role-name>tomcat</role-name>
>     </security-role>
>
> </web-app>
>
>
> The steps I tend to follow when setting this sort of thing up are:
> 1. Build simple two page web app.
> 2. Configure one page to require basic authentication
> 3. Test basic auth - checks tomcat-users.xml and realm set up correctly
> 4. Configure SSL
> 5. Test http://localhost:8443/ - checks SSL set up
> 6. Test app with SSL - not really necessary but best to double check
> 7. Reconfigure app to use CLIENT-CERT
>
> > -----Original Message-----
> > From: Idoia Murua Belacortu [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, March 18, 2004 8:01 AM
> > To: Tomcat Users List
> > Subject: RE: tomcat certificate
> >
> >
> > Could you send us a sample of that "web.xml" file?
> > I am also using client certificates over SSL with Tomcat, but as I could
> > not find much information about it in Tomcat I configured it with Apache.
> >
> > Idoia
> >
> > From: "Mark Thomas" <[EMAIL PROTECTED]>
> > To: "'Tomcat Users List'" <[EMAIL PROTECTED]>
> > cc:
> > Subject: RE: tomcat certificate
> > Date: 17/03/04 21:22
> > Please reply to: "Tomcat Users List"
> >
> > This is not correct. Tomcat does support CLIENT-CERT authentication
> > 'out-of-the-box'. When combined with appropriate authorisation constraints
> > in web.xml you can limit access to specific URLs.
> >
> > I have this working quite happily.
> >
> > Mark
> >
> > > -----Original Message-----
> > > From: Rommel Sharma [mailto:[EMAIL PROTECTED]
> > > Sent: Monday, February 23, 2004 11:28 AM
> > > To: Tomcat Users List
> > > Subject: Re: tomcat certificate
> > >
> > > Tomcat as such on its own does not parse and validate a certificate.
> > > I don't think it's possible. You can identify a client through the
> > > certificate alias the client uses.
> > > Access to specific URLs depends on the server certificate where you
> > > specify the URL and send the client your public key.
> > > I think there is no automatic mechanism in Tomcat that studies the
> > > certificate and allows access to specific URLs. This needs to be
> > > implemented by any of our deployed programs.
> > >
> > > ----- Original Message -----
> > > From: "secam secam" <[EMAIL PROTECTED]>
> > > To: "Tomcat Users List" <[EMAIL PROTECTED]>
> > > Sent: Monday, February 23, 2004 4:17 PM
> > > Subject: Re: tomcat certificate
> > >
> > > > Thanks,
> > > >
> > > > Here is my real problem,
> > > >
> > > > I've got an external server that authenticates users and delivers a
> > > > certificate with the trio User/Group/Role.
> > > >
> > > > In fact, I just want the certificate to give information about the
> > > > user to Tomcat in order to permit access to some specific URLs.
> > > >
> > > > Is it possible?
> > > >
> > > > Regards,
> > > >
> > > > Secam
> > > >
> > > > Rommel Sharma <[EMAIL PROTECTED]> wrote:
> > > > If you mean two way authentication using SSL, then you have to write the
> > > > code that reads the client's certificate and matches it with one present
> > > > in the client keystore on the server. You enable client authentication in
> > > > server.xml for this and specify the serverkeystore and password in it.
> > > > Regards,
> > > > Rommel Sharma.
> > > >
> > > > ----- Original Message -----
> > > > From: "secam secam"
> > > > To:
> > > > Sent: Monday, February 23, 2004 3:30 PM
> > > > Subject: tomcat certificate
> > > >
> > > > > hello,
> > > > >
> > > > > I'm a new user of tomcat.
> > > > > Can tomcat authenticate a user with a certificate?
> > > > >
> > > > > Thanks,
> > > > > Secam
> > > > >
> > > > >
> > > > > ---------------------------------
> > > > > Yahoo! Mail : votre e-mail personnel et gratuit qui vous
> > > suit partout !
> > > > > Cr�ez votre Yahoo! Mail
> > > >
> > > > *********************************************************
> > > > Disclaimer
> > > >
> > > > This message (including any attachments) contains
> > > > confidential information intended for a specific
> > > > individual and purpose, and is protected by law.
> > > > If you are not the intended recipient, you should
> > > > delete this message and are hereby notified that
> > > > any disclosure, copying, or distribution of this
> > > > message, or the taking of any action based on it,
> > > > is strictly prohibited.
> > > >
> > > > *********************************************************
> > > > Visit us at http://www.mahindrabt.com
> >
> > Idoia Murua Belacortu
> > Dpto. de Sistemas de Información y Telecomunicaciones
> > Information Systems & Telecommunications Dept.
> > ROBOTIKER, Corporación Tecnológica TECNALIA.
> > Parque Tecnológico, Edificio 202. E-48170 Zamudio (Bizkaia) (SPAIN).
> > Tel:  (34) 94 600 22 66. Fax: (34) 94 600 22 99
> > [EMAIL PROTECTED], www.robotiker.com
> >
> > "This e-mail contains proprietary information some or all of which may be
> > legally protected. It is for sole use of the intended recipient only. If
> > you have received this message by mistake, you are requested to notify the
> > e-mail sender and erase both the message and any copies from your system,
> > including hard disk copies. You are further requested to refrain from
> > using, distributing to third parties, printing or making copies of any
> > parts of this message".



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
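
Added example, not part of the thread and not Tomcat's own code: the exception quoted above is raised by the JMX `ObjectName` parser, which does not allow `=`, `,` or `:` in an unquoted property value, and a certificate subject DN used as a user name contains the first two. The name layout used here (domain `Users`, keys `type`, `username`, `database`) is an assumption made for illustration.

```java
import javax.management.MalformedObjectNameException;
import javax.management.ObjectName;

public class DnObjectNameDemo {

    // Subject DN taken from the tomcat-users.xml entry quoted in the thread.
    static final String DN = "CN=Mark Thomas, OU=WWW, O=XXX, L=YYY, ST=ZZZ, C=GB";

    // Hypothetical name layout (assumption): domain and keys are illustrative.
    static String nameFor(String usernameValue) {
        return "Users:type=User,username=" + usernameValue + ",database=UserDatabase";
    }

    // Returns null when the string is a valid ObjectName, else the parser's message.
    static String parseError(String name) {
        try {
            new ObjectName(name);
            return null;
        } catch (MalformedObjectNameException e) {
            return e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // Raw DN: the parser reads "username=CN" and then meets a second '='.
        System.out.println("raw DN:      " + parseError(nameFor(DN)));

        // Backslash form tried in the thread: '\' has no meaning in an
        // unquoted value, so the '=' is still rejected.
        String escaped = DN.replace("=", "\\=");
        System.out.println("backslashes: " + parseError(nameFor(escaped)));

        // Quoted value: ObjectName.quote() wraps the DN in double quotes,
        // inside which '=' and ',' are ordinary characters.
        ObjectName ok = new ObjectName(nameFor(ObjectName.quote(DN)));
        String roundTrip = ObjectName.unquote(ok.getKeyProperty("username"));
        System.out.println("quoted:      " + ok);
        System.out.println("round trip:  " + roundTrip.equals(DN));
    }
}
```

The quoting has to happen in the code that builds the MBean name; editing the `username` attribute in `tomcat-users.xml` cannot supply it, because that string must still match the certificate's subject DN.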





