Hey it works! Thank you for enlightening me. But I
would like to know why it works. If you can point me
to some resources to explain this.
 
I think in order for the client server to communicate
over SSL the crucial setting is 
<transport-guarantee>INTEGRAL</transport-guarantee>
NONE will mean no SSL. 
<auth-method> is just to specify how we want to
authenticate the client, right?

Actually what I want to achieve is just for the client
and server to communicate over SSL for the login
screen. No need for the client to prove that he is who
he is.

Am I right about the issue?

Thanks again, you have been a great help :)




--- Mark Thomas <[EMAIL PROTECTED]> wrote:

> If you don't want the clients to have to provide a client certificate,
> don't specify CLIENT-CERT in your web.xml
> 
> Mark
> 
> [EMAIL PROTECTED] wrote:
> > I tried setting it to true and it still does not work.
> > 
> > --- Mark Thomas <[EMAIL PROTECTED]> wrote:
> > 
> >> From the Tomcat documentation:
> >><quote>
> >>clientAuth
> >>Set to true if you want the SSL stack to require a valid certificate
> >>chain from the client before accepting a connection. A false value
> >>(which is the default) will not require a certificate chain unless the
> >>client requests a resource protected by a security constraint that uses
> >>CLIENT-CERT authentication.
> >></quote>
> >>
> >>[EMAIL PROTECTED] wrote:
> >>
> >>>By right the client should not be asked to present a
> >>>cert because my server.xml setting is set to
> >>>clientAuth="false"
> >>>
> >>>--- Mark Thomas <[EMAIL PROTECTED]> wrote:
> >>>
> >>>>The problem appears to be that no client certificate is presented by
> >>>>your client. Do you get prompted by your browser to specify a client
> >>>>certificate?
> >>>>
> >>>>Browsers may be configured not to prompt for a certificate in any or all
> >>>>of the following cases:
> >>>>- No client certs have been imported into the browser
> >>>>- No compatible client certs have been imported into the browser
> >>>>- Only one suitable cert was found so it was returned (unlikely in your
> >>>>case)
> >>>>
> >>>>Check your browser/cert configuration.
> >>>>
> >>>>Mark
> >>>>
> >>>>[EMAIL PROTECTED] wrote:
> >>>>
> >>>>
> >>>>>web.xml:
> >>>>>
> >>>>><?xml version="1.0" encoding="ISO-8859-1"?>
> >>>>><!DOCTYPE web-app
> >>>>>  PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
> >>>>>  "http://localhost/dtd/web-app_2_3.dtd">
> >>>>><web-app>
> >>>>> <context-param>
> >>>>>         <param-name>driverClassName</param-name>
> >>>>>         <param-value>com.mysql.jdbc.Driver</param-value>
> >>>>> </context-param>
> >>>>> <context-param>
> >>>>>         <param-name>dbUsername</param-name>
> >>>>>         <param-value>root</param-value>
> >>>>> </context-param>
> >>>>> <context-param>
> >>>>>         <param-name>dbPassword</param-name>
> >>>>>         <param-value>sql4dm1n2003</param-value>
> >>>>> </context-param>
> >>>>>
> >>>>> <listener>
> >>>>>         <listener-class>
> >>>>>                 MyListener
> >>>>>         </listener-class>
> >>>>> </listener>
> >>>>>
> >>>>> <servlet>
> >>>>>         <servlet-name>ErrorServlet</servlet-name>
> >>>>>         <servlet-class>chapter04.ErrorServlet</servlet-class>
> >>>>> </servlet>
> >>>>> <servlet>
> >>>>>         <servlet-name>LoginServlet</servlet-name>
> >>>>>         <servlet-class>chapter04.LoginServlet</servlet-class>
> >>>>>         <init-param>
> >>>>>                 <param-name>dburl</param-name>
> >>>>>                 <param-value>jdbc:mysql://localhost/test</param-value>
> >>>>>         </init-param>
> >>>>> </servlet>
> >>>>>
> >>>>> <servlet-mapping>
> >>>>>         <servlet-name>LoginServlet</servlet-name>
> >>>>>         <url-pattern>/login</url-pattern>
> >>>>> </servlet-mapping>
> >>>>> <servlet-mapping>
> >>>>>         <servlet-name>ErrorServlet</servlet-name>
> >>>>>         <url-pattern>/error</url-pattern>
> >>>>> </servlet-mapping>
> >>>>>
> >>>>> <welcome-file-list>
> >>>>>         <welcome-file>/login.html</welcome-file>
> >>>>> </welcome-file-list>
> >>>>>
> >>>>> <error-page>
> >>>>>         <error-code>403</error-code>
> >>>>>         <location>/login.html</location>
> >>>>> </error-page>
> >>>>> <!--
> >>>>> <error-page>
> >>>>>         <exception-type>java.sql.SQLException</exception-type>
> >>>>>         <location>/error</location>
> >>>>> </error-page>
> >>>>> -->
> >>>>> <security-constraint>
> >>>>>         <web-resource-collection>
> >>>>>                 <web-resource-name>login servlet</web-resource-name>
> >>>>>                 <url-pattern>/login</url-pattern>
> >>>>>                 <http-method>POST</http-method>
> >>>>>         </web-resource-collection>
> >>>>>
> >>>>>         <auth-constraint>
> >>>>>                 <role-name>manager</role-name>
> >>>>>         </auth-constraint>
> >>>>>
> >>>>>         <user-data-constraint>
> >>>>>                 <transport-guarantee>INTEGRAL</transport-guarantee>
> >>>>>         </user-data-constraint>
> >>>>>
> >>>>> </security-constraint>
> >>>>>
> >>>>> <login-config>
> >>>>>         <auth-method>CLIENT-CERT</auth-method>
> >>>>>         <realm-name>sales</realm-name>
> >>>>>         <!--
> >>>>>         <form-login-config>
> >>>>>                 <form-login-page>/auth.html</form-login-page>
> >>>>>                 <form-error-page>/error.html</form-error-page>
> >>>>>         </form-login-config>
> >>>>>         -->
> >>>>> </login-config>
> >>>>>
> >>>>> <security-role>
> >>>>>         <role-name>manager</role-name>
> >>>>> </security-role>
> >>>>>
> >>>>></web-app>
> 
=== message truncated ===



                
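The distinction asked about at the top of this message, as an added example that is not part of the original thread: <transport-guarantee> decides whether the container insists on SSL, while <auth-method> only matters when an <auth-constraint> demands a login. The URL patterns, role, realm and page names are taken from the quoted web.xml; the choice of CONFIDENTIAL, dropping the POST-only restriction and covering /login.html are assumptions.

```xml
<!-- Added example, not from the thread. Variant A: TLS only, no
     authentication. With no <auth-constraint> the container never asks
     who the user is; it only enforces the transport. -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>login servlet</web-resource-name>
        <url-pattern>/login</url-pattern>
        <url-pattern>/login.html</url-pattern>
        <!-- No <http-method> elements, so every method is covered.
             Listing only POST, as the quoted descriptor does, leaves a
             GET to the same URL outside the constraint. -->
    </web-resource-collection>
    <user-data-constraint>
        <!-- NONE allows plain HTTP. INTEGRAL and CONFIDENTIAL both make
             Tomcat require SSL/TLS for the matched requests. -->
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<!-- Variant A has no <login-config>: nothing selects CLIENT-CERT, so with
     clientAuth="false" in server.xml no client certificate is requested. -->

<!-- Variant B (use instead of A): keep the role check from the quoted
     descriptor, but authenticate with a form rather than a certificate.
     <auth-method> only selects how a user proves identity when an
     <auth-constraint> applies; it does not turn SSL on or off. -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>login servlet</web-resource-name>
        <url-pattern>/login</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>manager</role-name>
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>sales</realm-name>
    <form-login-config>
        <form-login-page>/auth.html</form-login-page>
        <form-error-page>/error.html</form-error-page>
    </form-login-config>
</login-config>
<security-role>
    <role-name>manager</role-name>
</security-role>
```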