Hi Jochen,

Have a look at the article at URL http://www-128.ibm.com/developerworks/websphere/library/techarticles/0606_chillakuru/0606_chillakuru.html

Though this article was written for WAS CE 1.0.1.1 (equivalent to G 1.0 to some extent :o), it may have answers to some of your questions. I verified some time ago that the scenarios in the sample applications work fine with G 1.1.1.

Vamsi

On 2/7/07, Jochen Zink <[EMAIL PROTECTED]> wrote:
Hello,

First: I'm using Geronimo 1.1.1 with Tomcat.

I tried to secure a web application. Only clients with trusted certificates are able to connect. So I have defined a new HTTPS listener with a keystore that contains the server certificate and private key, and a truststore with a trusted certificate. It is working pretty well: only clients with the correct certificate can connect.

Now I want to find out which certificate the current client has connected with. With this information I want to authenticate the user. A call to request.getUserPrincipal() or request.getRemoteUser() returns null. So I tried to configure a certificate security realm. The realm seems to work: it is not possible to connect to the application if I try to connect (over my own SSL listener) with an untrusted certificate. But if I try to connect with a trusted certificate, I get the exception you can see at the end of my post.

I don't know if I have to declare both things, an HTTPS listener with client auth enabled and a certificate security realm. They seem to be different things to me. So, can anybody help me or does anybody know a solution with which the problem can be solved?

Thanks to everyone who has read my post.
14:12:52,546 WARN [TomcatGeronimoRealm] Login exception authenticating username "CN=Jochen Zink,OU=Privat,O=ganz Privat,L=Hannover,ST=Niedersachsen,C=DE"
javax.security.auth.login.LoginException: Error filling callback list
    at org.apache.geronimo.security.jaas.client.ServerLoginProxy.login(ServerLoginProxy.java:78)
    at org.apache.geronimo.security.jaas.client.JaasLoginCoordinator.performLogin(JaasLoginCoordinator.java:199)
    at org.apache.geronimo.security.jaas.client.JaasLoginCoordinator.login(JaasLoginCoordinator.java:120)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
    at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
    at org.apache.geronimo.tomcat.realm.TomcatGeronimoRealm.authenticate(TomcatGeronimoRealm.java:320)
    at org.apache.geronimo.tomcat.realm.TomcatGeronimoRealm.authenticate(TomcatGeronimoRealm.java:279)
    at org.apache.catalina.authenticator.SSLAuthenticator.authenticate(SSLAuthenticator.java:148)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
    at org.apache.geronimo.tomcat.GeronimoStandardContext$SystemMethodValve.invoke(GeronimoStandardContext.java:342)
    at org.apache.geronimo.tomcat.valve.GeronimoBeforeAfterValve.invoke(GeronimoBeforeAfterValve.java:31)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:541)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
    at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:667)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
    at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
    at java.lang.Thread.run(Thread.java:595)
Caused by: javax.security.auth.callback.UnsupportedCallbackException
    at org.apache.geronimo.security.realm.providers.CertificateChainCallbackHandler.handle(CertificateChainCallbackHandler.java:49)
    at javax.security.auth.login.LoginContext$SecureCallbackHandler$1.run(LoginContext.java:955)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext$SecureCallbackHandler.handle(LoginContext.java:951)
    at org.apache.geronimo.security.jaas.client.ServerLoginProxy.login(ServerLoginProxy.java:70)
    ... 29 more
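Added example, not part of the thread above and not Geronimo's or Tomcat's own code: the first half of the question (which certificate did the client present, given that getUserPrincipal() is null) does not need a security realm at all. Once the HTTPS connector is configured with client authentication, a Servlet container stores the verified chain on the request under the attribute name javax.servlet.request.X509Certificate, which the Servlet specification defines. The servlet below reads that chain, takes the leaf certificate and prints its subject DN in RFC 2253 form next to the (still null) container principal, so the difference between "connector verified a certificate" and "realm authenticated a user" is visible. The class name WhoAmIServlet is an assumption for the example; the attribute name and the java.security.cert / javax.security.auth.x500 APIs are standard J2EE 1.4 / Java 5.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.security.cert.X509Certificate;
import javax.security.auth.x500.X500Principal;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Shows the client certificate that the SSL connector verified for the
 * current request. Example class (name assumed); requires an HTTPS
 * connector with client authentication enabled, otherwise the attribute
 * is simply absent and the servlet answers 401.
 */
public class WhoAmIServlet extends HttpServlet {

    // Attribute name defined by the Servlet specification for SSL-terminating containers.
    static final String CERT_ATTR = "javax.servlet.request.X509Certificate";

    /**
     * Returns the leaf (client) certificate from the chain on the request, or
     * null when the connection was not mutually authenticated. Index 0 is the
     * client's own certificate; any further entries are the issuing CAs.
     */
    static X509Certificate clientCertificate(HttpServletRequest request) {
        Object attr = request.getAttribute(CERT_ATTR);
        if (!(attr instanceof X509Certificate[])) {
            return null;
        }
        X509Certificate[] chain = (X509Certificate[]) attr;
        return chain.length == 0 ? null : chain[0];
    }

    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        X509Certificate cert = clientCertificate(request);
        if (cert == null) {
            // No chain means the connector did not demand a client certificate
            // for this connection (or the request came in over a plain listener).
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "no client certificate");
            return;
        }

        // RFC 2253 gives a canonical string form, so the DN can be compared
        // against a fixed list without relying on Principal.toString() layout.
        String subject = cert.getSubjectX500Principal().getName(X500Principal.RFC2253);
        String issuer = cert.getIssuerX500Principal().getName(X500Principal.RFC2253);

        response.setContentType("text/plain");
        PrintWriter out = response.getWriter();
        out.println("Subject DN:       " + subject);
        out.println("Issuer DN:        " + issuer);
        out.println("Serial (hex):     " + cert.getSerialNumber().toString(16));
        out.println("Not after:        " + cert.getNotAfter());
        // These stay null until a realm has actually authenticated the user;
        // the certificate attribute is populated by the connector regardless.
        out.println("getUserPrincipal: " + request.getUserPrincipal());
        out.println("getRemoteUser:    " + request.getRemoteUser());
    }
}
```

When this attribute is used to identify a user in application code, key the lookup on issuer plus serial number (or issuer plus subject DN), not on the subject DN alone: the truststore decides which CAs may issue certificates for the listener, but two different CAs in that truststore can each issue a certificate carrying the same subject.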
