If you configure the Tomcat server in SSL mode, you can say what to do. In your server.xml, at the SSL connector, it says what to do with the users. If you configure it with no authentication, all users can see everything. If you say "want", I think it says what to do with the user, and if you put TRUE it means that the user should have a good certificate.
I'm sorry if that doesn't help you.

-----Original Message-----
From: Fabrizio Lippolis [mailto:[EMAIL PROTECTED]
Sent: Monday, 25 July 2005 10:10
To: tomcat-user@jakarta.apache.org
Subject: Tomcat more tolerant to missing or expired client certificates

Hi,

I am developing an application where I managed to use client authentication requiring a certificate installed in the browser. I have remarked anyway that when a certificate is expired or there is no certificate at all, Tomcat doesn't allow the user to use the application. This is right after all, but I find it too restrictive in its behaviour since I can't even load static pages. I would like to be able to decide what to do when a certificate is expired or there is no certificate, possibly in the former case to display a message to renovate the certificate, in the latter to display another message that the application could only be accessed with a valid certificate. On the contrary, Tomcat logs an exception like this:

25-lug-2005 9.59.32 org.apache.tomcat.util.net.jsse.JSSE14Support synchronousHandshake
INFO: SSL Error getting client Certs
javax.net.ssl.SSLHandshakeException: null cert chain
        at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
        at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
        at java.io.InputStream.read(InputStream.java:89)
        at org.apache.tomcat.util.net.jsse.JSSE14Support.synchronousHandshake(JSSE14Support.java:88)
        at org.apache.tomcat.util.net.jsse.JSSE14Support.handShake(JSSE14Support.java:67)
        at org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:120)
        at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:1049)
        at org.apache.coyote.Request.action(Request.java:365)
        at org.apache.coyote.tomcat4.CoyoteRequest.getAttribute(CoyoteRequest.java:768)
        at org.apache.coyote.tomcat4.CoyoteRequestFacade.getAttribute(CoyoteRequestFacade.java:89)
        at org.apache.catalina.authenticator.SSLAuthenticator.authenticate(SSLAuthenticator.java:134)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:479)
        at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:594)
        at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:199)
        at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:594)
        at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:433)
        at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:948)
        at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2358)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:133)
        at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:596)
        at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:118)
        at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:594)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:116)
        at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:594)
        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:534)
        at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:594)
        at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:433)
        at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:948)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:127)
        at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:596)
        at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:433)
        at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:948)
        at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:152)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
        at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
        at java.lang.Thread.run(Thread.java:534)
...

Does anybody know what I could do to achieve my purpose? Any help appreciated, thank you very much.

Fabrizio

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
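
One way to get the behaviour asked for in this thread, as an added example that is not code from either poster or from Tomcat: with the SSL connector set to clientAuth="want" as the reply suggests, the handshake no longer fails on a missing certificate, and a servlet filter decides what the user sees. The class name and messages are hypothetical, and it assumes the filter is mapped only to the protected paths and that no CLIENT-CERT security constraint rejects the request before the filter runs.

```java
import java.io.IOException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

// Added example (hypothetical class): map it in web.xml to the protected paths only,
// so static pages outside the mapping stay reachable without a certificate.
public class ClientCertGateFilter implements Filter {
    public void init(FilterConfig config) throws ServletException { }
    public void destroy() { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Standard servlet attribute holding the chain the client sent in the handshake.
        X509Certificate[] certs = (X509Certificate[])
                req.getAttribute("javax.servlet.request.X509Certificate");
        if (!req.isSecure() || certs == null || certs.length == 0) {
            deny(res, "This application can only be accessed with a valid client certificate.");
            return;
        }
        try {
            // The default JSSE trust manager normally rejects an expired certificate in the
            // handshake already; this keeps the filter fail-closed if a laxer one is configured.
            certs[0].checkValidity();
        } catch (CertificateExpiredException e) {
            deny(res, "Your client certificate has expired. Please renew it.");
            return;
        } catch (CertificateNotYetValidException e) {
            deny(res, "Your client certificate is not valid yet.");
            return;
        }
        chain.doFilter(req, res); // certificate present and within its validity period
    }
    // Fixed messages only: nothing from the request is echoed back.
    private static void deny(ServletResponse res, String message) throws IOException {
        HttpServletResponse http = (HttpServletResponse) res;
        http.setStatus(HttpServletResponse.SC_FORBIDDEN);
        http.setContentType("text/plain");
        http.getWriter().println(message);
    }
}
```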