Hi, Is it possible to configure or hack Tomcat in some way to intercept outbound HTTP URL requests from a deployed web application and convert them to HTTPS with Mutual Authentication?
My scenario is: * 3rd party web application that makes client invocations to a server that requires HTTPS with Mutual Authentication * I don’t know what framework the web application uses or how it creates the HTTP client connections * I can’t make changes to the 3rd party application I have investigated the below but they don’t seem to offer a solution * Adding Custom Resource Factories - http://tomcat.apache.org/tomcat-7.0-doc/jndi-resources- <http://tomcat.apache.org/tomcat-7.0-doc/jndi-resources-howto.html> howto.html <http://tomcat.apache.org/tomcat-7.0-doc/jndi-resources-howto.html>. This requires changes to the client application * HTTP connector - http://tomcat.apache.org/tomcat-7.0-doc/config/http.html. This is for the Tomcat web server, not for outbound client connections I have successfully configured the server and can make SoapUI calls to it using HTTPS and Mutual Authentication. If I had control of the client code I would use HttpClient and accomplish it that way. For the Tomcat client application I have searched Google, Stackoverflow, and the Tomcat wiki and mail archives but all HTTPS/Mutual Authentication solutions I can find refer to Tomcat as the web server, not to web applications making outbound connections from a Tomcat instance. If there is no option to configure Tomcat then the only options I can think of are below, but if anyone has any other insights it would be much appreciated. 1) Write a between the Tomcat “client” instance and the HTTPS/MA endpoint 2) Find out the framework/socket factory/url connection factory the 3rdparty web app uses and override it with a Tomcat plugin 3) Raise a feature request with the 3rd party vendor to support HTTPS/MA Many thanks, Diarmuid McCarthy
