"Alex Tang" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Hi folks.
>
> I was wondering if it's possible to get client certificate information
> from tomcat (3.3.1) when running STANDALONE (e.g. NOT using mod_jk or an
> external webserver).
>
> I can set up tomcat so that it requires client-auth properly, however I
> don't seem to be able to programmatically get at any of the certificate
> information.
>
This sounds like you've found the clientauth="true" attribute on the
Http10Connector element. This causes Tomcat to require a client cert for
each SSL request (unlike TC 4.x, it's an all-or-nothing setting).

You should then be able to access the top-level cert (all that can be
exposed under the 2.2 Servlet-spec :() via
'request.getAttribute("javax.servlet.request.X509Certificate")'. As per
section 5.7 of the 2.2 spec, this will be of type
java.security.cert.X509Certificate.

I haven't tried this with the Http10Connector for a very long time (it seems
to work fine with the 3.3.2-dev CoyoteConnector). If you are still having
problems, please report it to http://nagoya.apache.org/bugzilla/.

> Also, yes, I know that this is possible (and I have done it) using Apache
> and mod_jk, however due to various reasons, I cannot run ANY web server
> (groan...) on the machine, so I need to be able to do this standalone.
>
> Thanks.
>
> ...alex...
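
An added example, not part of the original thread and not Tomcat's own code: a servlet that reads the request attribute named in the reply and refuses the request when no usable client certificate is present. `ClientCertServlet` is a hypothetical name; the reply describes the attribute as a single `X509Certificate`, and the array branch is an assumption that covers later containers, which expose the chain as an array.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet; deploy it behind the connector that has clientauth="true".
public class ClientCertServlet extends HttpServlet {
    static final String CERT_ATTR = "javax.servlet.request.X509Certificate";

    // Returns the client's own certificate, or null if none was presented.
    // The attribute may be a single certificate (as described in the reply)
    // or an array with the client's certificate first (assumed for later containers).
    static X509Certificate clientCert(HttpServletRequest request) {
        Object attr = request.getAttribute(CERT_ATTR);
        if (attr instanceof X509Certificate) {
            return (X509Certificate) attr;
        }
        if (attr instanceof X509Certificate[]) {
            X509Certificate[] chain = (X509Certificate[]) attr;
            return chain.length > 0 ? chain[0] : null;
        }
        return null;
    }

    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        // Fail closed: no TLS or no certificate means no access, even if the
        // connector is expected to have enforced client auth already.
        X509Certificate cert = request.isSecure() ? clientCert(request) : null;
        if (cert == null) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "Client certificate required");
            return;
        }
        try {
            cert.checkValidity(); // rejects expired and not-yet-valid certificates
        } catch (CertificateException e) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "Client certificate not valid");
            return;
        }
        response.setContentType("text/plain");
        PrintWriter out = response.getWriter();
        out.println("Subject: " + cert.getSubjectDN().getName());
        out.println("Issuer:  " + cert.getIssuerDN().getName());
        out.println("Serial:  " + cert.getSerialNumber().toString(16));
    }
}
```

The subject DN is only as trustworthy as the trust store the connector validates against, so any authorization decision based on it should also pin the expected issuer.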