Hi Vamsi, thanks for your answer.
Don't laugh, but I have developed my Application with the help of the article you sent to me ;).

But there is still one problem. I cannot download the samples.zip file from the page (FileNotFound). Is there another location where I can download the file? Maybe I can solve my problem with a working example and find my bug.

Thanks a lot!

On Wed 07.02.2007 16:14, Vamsavardhana Reddy <[EMAIL PROTECTED]> wrote:
> Hi Jochen,
>
> Have a look at the article at URL
> http://www-128.ibm.com/developerworks/websphere/library/techarticles/0606_chillakuru/0606_chillakuru.html
>
> Though this article was written for WAS CE 1.0.1.1 (equivalent to G 1.0 to
> some extent :o), it may have answers to some of your questions. I have
> verified sometime ago that the scenarios in the sample applications work
> fine with G 1.1.1.
>
> Vamsi
>
> On 2/7/07, Jochen Zink <[EMAIL PROTECTED]> wrote:
> >
> > Hello,
> >
> > First: I'm using Geronimo 1.1.1 with Tomcat.
> >
> > I tried to secure a WebApplication. Only Clients with trusted
> > certificates are able to connect.
> >
> > So, I have defined a new https listener with a Keystore that contains
> > the server certificate and Private Key and a TrustStore with a trusted
> > certificate.
> >
> > It is working pretty well. Only Clients with the correct Certificate can
> > connect.
> >
> > Now I want to find out with which certificate the current Client has
> > connected. With this information I want to authenticate the user.
> >
> > A call of request.getUserPrincipal() or request.getRemoteUser() returns
> > null.
> >
> > So I tried to configure a certificate security realm.
> >
> > The realm seems to work. It is not possible to connect to the
> > Application if I try to connect (over my own SSL listener) with a
> > non-trusted certificate. But if I try to connect with a trusted Certificate,
> > I get the exception you can see at the end of my post.
> >
> > I don't know if I have to declare both things, a https listener with
> > client auth enabled and a certificate security realm. They seem to be
> > different things to me.
> >
> > So, can anybody help me, or does anybody know a solution with which the
> > problem can be solved?
> >
> > Thanks to everyone who has read my post.
> >
> > 14:12:52,546 WARN [TomcatGeronimoRealm] Login exception authenticating username "CN=Jochen Zink,OU=Privat,O=ganz Privat,L=Hannover,ST=Niedersachsen,C=DE"
> > javax.security.auth.login.LoginException: Error filling callback list
> >     at org.apache.geronimo.security.jaas.client.ServerLoginProxy.login(ServerLoginProxy.java:78)
> >     at org.apache.geronimo.security.jaas.client.JaasLoginCoordinator.performLogin(JaasLoginCoordinator.java:199)
> >     at org.apache.geronimo.security.jaas.client.JaasLoginCoordinator.login(JaasLoginCoordinator.java:120)
> >     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> >     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> >     at java.lang.reflect.Method.invoke(Method.java:585)
> >     at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
> >     at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
> >     at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
> >     at java.security.AccessController.doPrivileged(Native Method)
> >     at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
> >     at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
> >     at org.apache.geronimo.tomcat.realm.TomcatGeronimoRealm.authenticate(TomcatGeronimoRealm.java:320)
> >     at org.apache.geronimo.tomcat.realm.TomcatGeronimoRealm.authenticate(TomcatGeronimoRealm.java:279)
> >     at org.apache.catalina.authenticator.SSLAuthenticator.authenticate(SSLAuthenticator.java:148)
> >     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
> >     at org.apache.geronimo.tomcat.GeronimoStandardContext$SystemMethodValve.invoke(GeronimoStandardContext.java:342)
> >     at org.apache.geronimo.tomcat.valve.GeronimoBeforeAfterValve.invoke(GeronimoBeforeAfterValve.java:31)
> >     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
> >     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
> >     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
> >     at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:541)
> >     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
> >     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
> >     at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:667)
> >     at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
> >     at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
> >     at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
> >     at java.lang.Thread.run(Thread.java:595)
> > Caused by: javax.security.auth.callback.UnsupportedCallbackException
> >     at org.apache.geronimo.security.realm.providers.CertificateChainCallbackHandler.handle(CertificateChainCallbackHandler.java:49)
> >     at javax.security.auth.login.LoginContext$SecureCallbackHandler$1.run(LoginContext.java:955)
> >     at java.security.AccessController.doPrivileged(Native Method)
> >     at javax.security.auth.login.LoginContext$SecureCallbackHandler.handle(LoginContext.java:951)
> >     at org.apache.geronimo.security.jaas.client.ServerLoginProxy.login(ServerLoginProxy.java:70)
> >     ... 29 more

Best regards
Jochen Zink
________________________________________________________
Jochen Zink
nepatec GmbH & Co. KG
Hindenburgstr. 37
30175 Hannover
Phone: 0511/935.946.51
Fax: 0511/935.946.57
Mail: [EMAIL PROTECTED]

nepatec GmbH & Co. KG . Registered office: Hannover . Amtsgericht Hannover . HRA 200338
General partner: Nepatec Verwaltungs-GmbH . Amtsgericht Hannover HRB 200954
Managing directors: Claudius Grieser . Burkhard Gerlts . Jörg Neumann . Frank Nitze
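
Added example, not part of the original thread and not Geronimo's or the cited article's code: the Servlet specification exposes the chain a client presented in the TLS handshake under the request attribute `javax.servlet.request.X509Certificate`, so the connecting certificate can be identified from it. The class and method names below are hypothetical; the sample DN in `main` is the one from the log line quoted above.

```java
import java.security.cert.X509Certificate;
import java.util.List;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class ClientCertIdentity {
    // Standard Servlet-spec attribute holding the client's certificate chain.
    static final String CERT_ATTR = "javax.servlet.request.X509Certificate";

    /** Pass in request.getAttribute(CERT_ATTR); returns the subject DN or null. */
    static String subjectDn(Object attr) {
        if (!(attr instanceof X509Certificate[])) {
            return null; // connector did not request or receive a client cert
        }
        X509Certificate[] chain = (X509Certificate[]) attr;
        if (chain.length == 0) {
            return null;
        }
        // chain[0] is the client's own certificate; its issuers follow.
        return chain[0].getSubjectX500Principal().getName(); // RFC 2253 form
    }

    /** Extracts the CN with a real DN parser so escaped commas are handled. */
    static String commonName(String dn) throws InvalidNameException {
        List<Rdn> rdns = new LdapName(dn).getRdns();
        for (Rdn rdn : rdns) {
            // For a multi-valued RDN, getType() reports only its first type.
            if ("CN".equalsIgnoreCase(rdn.getType())) {
                return String.valueOf(rdn.getValue());
            }
        }
        return null;
    }

    public static void main(String[] args) throws InvalidNameException {
        // DN taken from the WARN line in the post.
        String dn = "CN=Jochen Zink,OU=Privat,O=ganz Privat,"
                  + "L=Hannover,ST=Niedersachsen,C=DE";
        System.out.println(commonName(dn));
        // Constructed DN: naive splitting on ',' would break this one.
        System.out.println(commonName("CN=Zink\\, Jochen,O=Example"));
        // No attribute set, e.g. a request over a listener without client auth.
        System.out.println(subjectDn(null));
    }
}
```

The DN is only as trustworthy as the truststore that validated the chain; when that truststore holds more than one CA, key authorization on the full subject DN (or issuer plus serial number) rather than on the CN alone.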
