I've looked at the code and it would help if you could post your realm definition.
Thanks,
Mark

> -----Original Message-----
> From: Mark Thomas [mailto:[EMAIL PROTECTED]
> Sent: Thursday, March 25, 2004 6:00 PM
> To: 'Tomcat Users List'
> Subject: RE: tomcat certificate
>
> OK. Light dawns. Can you try using the memory realm? My realm
> definition looks like:
> <Realm className="org.apache.catalina.realm.MemoryRealm" />
>
> Looking again at the exception it looks like a JMX issue with the
> UserDatabaseRealm MBean and user names containing '='. I'll
> have a look at the code.
>
> Mark
>
> > -----Original Message-----
> > From: Idoia Murua Belacortu [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, March 25, 2004 9:01 AM
> > To: Tomcat Users List
> > Subject: RE: tomcat certificate
> >
> > My server.xml file has:
> > <Connector port="8443"
> >     maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
> >     enableLookups="false" disableUploadTimeout="true"
> >     acceptCount="100" debug="0" scheme="https" secure="true"
> >     clientAuth="true" sslProtocol="TLS"
> >     keystoreFile="/home/tomcat/jakarta-tomcat-5.0.19/conf/ssl/server/server.ks" />
> >
> > The tomcat-users.xml file has:
> > <role rolename="certs"/>
> > <user username="[EMAIL PROTECTED], CN=Idoia, OU=INFOTECH, O=ROBOTIKER, L=ZAMUDIO, ST=BIZKAIA, C=ES" password="null" roles="certs"/>
> >
> > The web.xml file of the application is:
> >
> > <?xml version="1.0" encoding="windows-1252"?>
> > <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
> > <web-app>
> >   <description>Empty web.xml file for Web Application</description>
> >   <session-config>
> >     <session-timeout>35</session-timeout>
> >   </session-config>
> >   <mime-mapping>
> >     <extension>html</extension>
> >     <mime-type>text/html</mime-type>
> >   </mime-mapping>
> >   <mime-mapping>
> >     <extension>txt</extension>
> >     <mime-type>text/plain</mime-type>
> >   </mime-mapping>
> >   <welcome-file-list>
> >     <welcome-file>index.jsp</welcome-file>
> >     <welcome-file>index.html</welcome-file>
> >   </welcome-file-list>
> >   <resource-ref>
> >     <description>Saturn database</description>
> >     <res-ref-name>jdbc/saturn</res-ref-name>
> >     <res-type>javax.sql.DataSource</res-type>
> >     <res-auth>SERVLET</res-auth>
> >   </resource-ref>
> >   <security-constraint>
> >     <web-resource-collection>
> >       <web-resource-name>Protected Area</web-resource-name>
> >       <url-pattern>/pim.htm</url-pattern>
> >     </web-resource-collection>
> >     <auth-constraint>
> >       <role-name>certs</role-name>
> >     </auth-constraint>
> >     <user-data-constraint>
> >       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> >     </user-data-constraint>
> >   </security-constraint>
> >
> >   <login-config>
> >     <auth-method>CLIENT-CERT</auth-method>
> >   </login-config>
> >
> >   <security-role>
> >     <role-name>certs</role-name>
> >   </security-role>
> >
> > </web-app>
> >
> > When I start up Tomcat I get the following message in the
> > "catalina.out" log file:
> >
> > 24-mar-2004 17:37:55 org.apache.catalina.mbeans.GlobalResourcesLifecycleListener createMBeans
> > GRAVE: Exception creating UserDatabase MBeans for UserDatabase
> > javax.management.MalformedObjectNameException: Invalid character '=' in value part of property
> >     at javax.management.ObjectName.construct(ObjectName.java:563)
> >     at javax.management.ObjectName.<init>(ObjectName.java:1300)
> >     at org.apache.catalina.mbeans.MBeanUtils.createObjectName(MBeanUtils.java:1520)
> >     at org.apache.catalina.mbeans.MBeanUtils.createMBean(MBeanUtils.java:783)
> >     at org.apache.catalina.mbeans.GlobalResourcesLifecycleListener.createMBeans(GlobalResourcesLifecycleListener.java:280)
> >     at org.apache.catalina.mbeans.GlobalResourcesLifecycleListener.createMBeans(GlobalResourcesLifecycleListener.java:210)
> >     at org.apache.catalina.mbeans.GlobalResourcesLifecycleListener.createMBeans(GlobalResourcesLifecycleListener.java:172)
> >     at org.apache.catalina.mbeans.GlobalResourcesLifecycleListener.lifecycleEvent(GlobalResourcesLifecycleListener.java:144)
> >     at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:166)
> >     at org.apache.catalina.core.StandardServer.start(StandardServer.java:2338)
> >     at org.apache.catalina.startup.Catalina.start(Catalina.java:594)
> >     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> >     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> >     at java.lang.reflect.Method.invoke(Method.java:324)
> >     at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:297)
> >     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:398)
> >
> > And when I access the "/pim.htm" page via SSL and port 8443 it gives me a
> > Tomcat error in the navigator (HTTP 401). It is in Spanish, but in English
> > it would be something like:
> > HTTP 401 Status - Impossible to authenticate with provided credentials
> > type: status report
> > message: Impossible to authenticate with provided credentials
> > description: This requirement requires HTTP authentication (Impossible to
> > authenticate with provided credentials)
> >
> > The client certificate is signed by a CA recognised by Tomcat, because when
> > I access other pages via SSL and port 8443, Tomcat gives no error and
> > accepts the client certificate.
> >
> > Regards,
> > Idoia
> > <trim>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
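
Added example (not part of the original thread and not Tomcat's own code): a small Java check of the JMX behaviour discussed above, showing that javax.management.ObjectName rejects a certificate DN used as an unquoted property value and accepts it once it is passed through ObjectName.quote(). The "Example" domain, the key layout and the DN with its address part left out are assumptions made for illustration.

```java
import javax.management.MalformedObjectNameException;
import javax.management.ObjectName;

public class DnObjectNameDemo {

    // Hypothetical name layout for illustration; not Tomcat's MBean naming code.
    static String rawName(String user) {
        return "Example:type=User,username=" + user;
    }

    // Same layout, but the value is quoted so '=', ',' and ':' become legal.
    static String quotedName(String user) {
        return "Example:type=User,username=" + ObjectName.quote(user);
    }

    // Returns null if the name parses, otherwise the parser's complaint.
    static String rejectionReason(String name) {
        try {
            new ObjectName(name);
            return null;
        } catch (MalformedObjectNameException e) {
            return e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // Subject DN as it would appear in tomcat-users.xml for CLIENT-CERT
        // logins (constructed from the thread, address part omitted).
        String dn = "CN=Idoia, OU=INFOTECH, O=ROBOTIKER, L=ZAMUDIO, ST=BIZKAIA, C=ES";

        // A plain user name is a legal unquoted value.
        System.out.println("plain user : " + rejectionReason(rawName("tomcat")));

        // The DN is not: '=' and ',' are reserved inside an unquoted value.
        System.out.println("raw DN     : " + rejectionReason(rawName(dn)));

        // Quoting the value makes the same DN acceptable.
        ObjectName safe = new ObjectName(quotedName(dn));
        String stored = safe.getKeyProperty("username");
        System.out.println("quoted DN  : " + stored);

        // The original DN is recoverable, so lookups by user name still work.
        if (!ObjectName.unquote(stored).equals(dn)) {
            throw new IllegalStateException("quote/unquote did not round-trip");
        }
    }
}
```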
