I solved my own problem. I should have been using CLIENT-CERT (dash not
underscore). I can't believe I missed that - how embarrassing ~)
----- Original Message -----
From: GaryJ
To: Tomcat Users List
Sent: Saturday, October 30, 2004 6:37 PM
Subject: How to apply CLIENT_CERT to a page
I am trying to secure a single url_pattern but get errors when I try to use
CLIENT_CERT. I have a new installation of Tomcat 5.53 with no changes to
the configuration except uncommenting the SSL connector in server.xml.
Here's what works:
- An SSL connector is installed on port 443 and I get the proper certificate
back when I connect via https to the server
- If I change the connector to clientAuth="true" I am prompted for a client
cert when I connect to any page on the server using https.
- I have set the transport-guarantee to CONFIDENTIAL for the url I am trying
to constrain and connections to that page always switch to https.
What does not work is if I change the <auth-method> to CLIENT_CERT from
BASIC. I get an error message (shown below). Does anyone have any examples
of a web-xml that does work with CLIENT_CERT or have an idea what the
problem could be?
I have included my (very simple) web.xml below as well as the error message
I receive.
web.xml
----------
<!DOCTYPE web-app
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
    <!-- General description of web application -->
    <display-name>ROOT</display-name>
    <description>Web Site</description>
    <!-- Url Security Constraints-->
    <security-constraint>
        <web-resource-collection>
            <url-pattern>/test.htm</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>*</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    <!-- Login Configuration -->
    <login-config>
        <auth-method>CLIENT_CERT</auth-method>
    </login-config>
</web-app>
stdout errors
----------------
Oct 30, 2004 6:26:43 PM org.apache.catalina.startup.HostConfig deployWAR
INFO: Deploying web application archive ROOT.war
Oct 30, 2004 6:26:43 PM org.apache.catalina.startup.ContextConfig authenticatorConfig
SEVERE: Cannot configure an authenticator for method CLIENT_CERT
Oct 30, 2004 6:26:43 PM org.apache.catalina.startup.ContextConfig start
SEVERE: Marking this application unavailable due to previous error(s)
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
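
Added example, not part of the original thread: a pre-deployment check that catches the CLIENT_CERT / CLIENT-CERT mix-up described above before the container marks the application unavailable. The function names and the sample descriptor are constructed for illustration, and the extra transport-guarantee check is this example's own addition.

```python
import difflib
import xml.etree.ElementTree as ET

# <auth-method> values defined by the Servlet specification (note the hyphen).
VALID_AUTH_METHODS = ("BASIC", "DIGEST", "FORM", "CLIENT-CERT")

def _all(node, name):
    """Descendants called `name`, ignoring any XML namespace prefix."""
    return [e for e in node.iter() if e.tag.rsplit("}", 1)[-1] == name]

def _texts(node, name):
    """Stripped text of every descendant called `name`."""
    return [(e.text or "").strip() for e in _all(node, name)]

def lint_web_xml(text):
    """Return findings for the auth-method and transport settings of a web.xml."""
    root = ET.fromstring(text)
    findings, effective = [], None
    for value in _texts(root, "auth-method"):
        if value in VALID_AUTH_METHODS:
            effective = value
            continue
        guess = difflib.get_close_matches(
            value.upper().replace("_", "-"), VALID_AUTH_METHODS, n=1)
        hint = f"; did you mean {guess[0]}?" if guess else ""
        findings.append(f"auth-method '{value}' is not a defined value{hint}")
        effective = guess[0] if guess else None
    if effective == "CLIENT-CERT":
        # A client certificate can only be presented over TLS, so flag any
        # constraint that does not force the switch to https.
        for sc in _all(root, "security-constraint"):
            if "CONFIDENTIAL" not in _texts(sc, "transport-guarantee"):
                urls = ", ".join(_texts(sc, "url-pattern"))
                findings.append(f"{urls}: CLIENT-CERT without CONFIDENTIAL transport")
    return findings

# Constructed sample, modelled on the descriptor in the message above.
SAMPLE = """<web-app>
  <security-constraint>
    <web-resource-collection><url-pattern>/test.htm</url-pattern></web-resource-collection>
    <auth-constraint><role-name>*</role-name></auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config><auth-method>CLIENT_CERT</auth-method></login-config>
</web-app>"""

if __name__ == "__main__":
    for finding in lint_web_xml(SAMPLE):
        print(finding)
```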