Yes, you are right. Before, my server.xml file had the following realm
defined:

  <!-- Global JNDI resources -->
  <GlobalNamingResources>
    <!-- Test entry for demonstration purposes -->
    <Environment name="simpleValue" type="java.lang.Integer" value="30"/>
    <!-- Editable user database that can also be used by
         UserDatabaseRealm to authenticate users -->
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
       description="User database that can be updated and saved">
    </Resource>
    <ResourceParams name="UserDatabase">
      <parameter>
        <name>factory</name>
        <value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
      </parameter>
      <parameter>
        <name>pathname</name>
        <value>conf/tomcat-users.xml</value>
      </parameter>
    </ResourceParams>
  </GlobalNamingResources>

<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
                 debug="0" resourceName="UserDatabase"/>

I have replaced it with the memory realm:
<Realm className="org.apache.catalina.realm.MemoryRealm" />

And now it accepts the client certificate. Thank you very much for your
help.

And I think you are right, the error in the "catalina.out" file is a JMX
issue.

Regards,
Idoia


                                                                                       
                                                
From:     "Mark Thomas" <[EMAIL PROTECTED]>
To:       "'Tomcat Users List'" <[EMAIL PROTECTED]>
cc:
Subject:  RE: tomcat certificate
Date:     25/03/04 19:48
Please respond to "Tomcat Users List"



I've looked at the code and it would help if you could post your realm
definition.

Thanks,

Mark

> -----Original Message-----
> From: Mark Thomas [mailto:[EMAIL PROTECTED]
> Sent: Thursday, March 25, 2004 6:00 PM
> To: 'Tomcat Users List'
> Subject: RE: tomcat certificate
>
> OK. Light dawns. Can you try using the memory realm? My realm
> definition looks like:
> <Realm className="org.apache.catalina.realm.MemoryRealm" />
>
> Looking again at the exception it looks like a JMX issue with the
> UserDatabaseRealm MBean and user names containing '='. I'll
> have a look at the code.
>
> Mark
>
> > -----Original Message-----
> > From: Idoia Murua Belacortu [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, March 25, 2004 9:01 AM
> > To: Tomcat Users List
> > Subject: RE: tomcat certificate
> >
> >
> > My server.xml file has:
> > <Connector port="8443"
> >       maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
> >       enableLookups="false" disableUploadTimeout="true"
> >       acceptCount="100" debug="0" scheme="https" secure="true"
> >       clientAuth="true" sslProtocol="TLS"
> >       keystoreFile="/home/tomcat/jakarta-tomcat-5.0.19/conf/ssl/server/server.ks" />
> >
> >
> > The tomcat-users.xml file has:
> > <role rolename="certs"/>
> > <user   username="[EMAIL PROTECTED],  CN=Idoia,
> >  OU=INFOTECH,
> > O=ROBOTIKER, L=ZAMUDIO, ST=BIZKAIA, C=ES" password="null"
> > roles="certs"/>
> >
> >
> > The web.xml file of the application is:
> >
> > <?xml version="1.0" encoding="windows-1252"?>
> > <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
> >     "http://java.sun.com/dtd/web-app_2_3.dtd">
> > <web-app>
> >         <description>Empty web.xml file for Web Application</description>
> >         <session-config>
> >                 <session-timeout>35</session-timeout>
> >         </session-config>
> >         <mime-mapping>
> >                 <extension>html</extension>
> >                 <mime-type>text/html</mime-type>
> >         </mime-mapping>
> >         <mime-mapping>
> >                 <extension>txt</extension>
> >                 <mime-type>text/plain</mime-type>
> >         </mime-mapping>
> >         <welcome-file-list>
> >                 <welcome-file>index.jsp</welcome-file>
> >                 <welcome-file>index.html</welcome-file>
> >         </welcome-file-list>
> >         <resource-ref>
> >                 <description>Saturn database</description>
> >                 <res-ref-name>jdbc/saturn</res-ref-name>
> >                 <res-type>javax.sql.DataSource</res-type>
> >                 <res-auth>SERVLET</res-auth>
> >         </resource-ref>
> >         <security-constraint>
> >                 <web-resource-collection>
> >                         <web-resource-name>Protected Area</web-resource-name>
> >                         <url-pattern>/pim.htm</url-pattern>
> >                 </web-resource-collection>
> >                 <auth-constraint>
> >                         <role-name>certs</role-name>
> >                 </auth-constraint>
> >                 <user-data-constraint>
> >                         <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> >                 </user-data-constraint>
> >         </security-constraint>
> >
> >         <login-config>
> >                <auth-method>CLIENT-CERT</auth-method>
> >         </login-config>
> >
> >         <security-role>
> >                 <role-name>certs</role-name>
> >         </security-role>
> >
> > </web-app>
> >
> >
> > When I start up Tomcat I get the following message in the
> > "catalina.out" log file:
> >
> > 24-mar-2004 17:37:55 org.apache.catalina.mbeans.GlobalResourcesLifecycleListener createMBeans
> > GRAVE: Exception creating UserDatabase MBeans for UserDatabase
> > javax.management.MalformedObjectNameException: Invalid character '=' in value part of property
> >         at javax.management.ObjectName.construct(ObjectName.java:563)
> >         at javax.management.ObjectName.<init>(ObjectName.java:1300)
> >         at org.apache.catalina.mbeans.MBeanUtils.createObjectName(MBeanUtils.java:1520)
> >         at org.apache.catalina.mbeans.MBeanUtils.createMBean(MBeanUtils.java:783)
> >         at org.apache.catalina.mbeans.GlobalResourcesLifecycleListener.createMBeans(GlobalResourcesLifecycleListener.java:280)
> >         at org.apache.catalina.mbeans.GlobalResourcesLifecycleListener.createMBeans(GlobalResourcesLifecycleListener.java:210)
> >         at org.apache.catalina.mbeans.GlobalResourcesLifecycleListener.createMBeans(GlobalResourcesLifecycleListener.java:172)
> >         at org.apache.catalina.mbeans.GlobalResourcesLifecycleListener.lifecycleEvent(GlobalResourcesLifecycleListener.java:144)
> >         at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:166)
> >         at org.apache.catalina.core.StandardServer.start(StandardServer.java:2338)
> >         at org.apache.catalina.startup.Catalina.start(Catalina.java:594)
> >         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> >         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> >         at java.lang.reflect.Method.invoke(Method.java:324)
> >         at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:297)
> >         at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:398)
> >
> > And when I access the "/pim.htm" page via SSL and port 8443 it gives me a
> > Tomcat error in the navigator (HTTP 401). It is in Spanish, but in English
> > it would be something like:
> > HTTP 401 Status - Impossible to authenticate with provided credentials
> > type: status report
> > message: Impossible to authenticate with provided credentials
> > description: This requirement requires HTTP authentication (Impossible to
> > authenticate with provided credentials)
> >
> > The client certificate is signed by a CA recognised by Tomcat, because when
> > I access other pages via SSL and port 8443, Tomcat gives no error and
> > accepts the client certificate.
> >
> >
> > Regards,
> > Idoia
>
> <trim>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
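
The "Invalid character '=' in value part of property" failure discussed in this thread can be reproduced outside Tomcat. The following is an added example, not code from the thread or from Tomcat's source: it builds a JMX ObjectName from each username in a constructed tomcat-users.xml, with and without ObjectName.quote(). The `Users:type=User,username=...` key layout, the class name and the sample DN are assumptions for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.management.MalformedObjectNameException;
import javax.management.ObjectName;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class DnUserObjectNameCheck {
    // Constructed sample in tomcat-users.xml format; the DN is a placeholder.
    static final String USERS_XML =
        "<tomcat-users>"
      + "<role rolename=\"certs\"/>"
      + "<user username=\"alice\" password=\"null\" roles=\"certs\"/>"
      + "<user username=\"CN=Example User, OU=Unit, O=Example, C=ES\""
      + " password=\"null\" roles=\"certs\"/>"
      + "</tomcat-users>";

    // Assumed key layout for a per-user MBean name (illustration only).
    static String nameFor(String user, boolean quote) {
        String value = quote ? ObjectName.quote(user) : user;
        return "Users:type=User,username=" + value + ",database=UserDatabase";
    }

    /** Returns null if JMX accepts the name, otherwise the parser's message. */
    static String jmxError(String name) {
        try {
            new ObjectName(name);
            return null;
        } catch (MalformedObjectNameException e) {
            return e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // The user file needs no DTD, so refuse DOCTYPE declarations outright.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        NodeList users = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(USERS_XML.getBytes(StandardCharsets.UTF_8)))
            .getElementsByTagName("user");
        for (int i = 0; i < users.getLength(); i++) {
            String u = ((Element) users.item(i)).getAttribute("username");
            // An unquoted DN is split at ',' so "username=CN=..." has '=' in its value.
            String raw = jmxError(nameFor(u, false));
            String quoted = jmxError(nameFor(u, true));
            System.out.println(u + "\n  unquoted: " + (raw == null ? "ok" : raw)
                + "\n  quoted:   " + (quoted == null ? "ok" : quoted));
        }
    }
}
```

A username that is a certificate subject DN fails only in the unquoted form; the plain username is accepted either way.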