Hi all, I have a basic authentication setup that works great as below.

    <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>Patricia</realm-name>
    </login-config>

    <!-- Security roles referenced by this web application -->
    <security-role>
      <role-name>administrator</role-name>
    </security-role>
    <security-role>
      <role-name>underwriter</role-name>
    </security-role>
    <security-role>
      <role-name>accountant</role-name>
    </security-role>
    <security-role>
      <role-name>broker</role-name>
    </security-role>
    <security-role>
      <role-name>feeds</role-name>
    </security-role>

It is backed up with a realm like this:

    <Realm className="org.apache.catalina.realm.DataSourceRealm"
           [snip]
           userTable="person" userNameCol="mail"
           userCredCol="user_password"
           userRoleTable="company_person" roleNameCol="serial" />

I need to switch basic authentication to client certificates, as provided by Apache httpd and proxied in with AJP. The username is provided by Apache httpd in REMOTE_USER.

In theory, changing the auth-method to CLIENT-CERT should do the trick, but I just get forbidden.

What doesn’t seem to fit is the realm definition - specifying userCredCol is marked as mandatory, but this is obviously not present with a client certificate. What do you specify in this field?

Does anyone have a working example of authentication using client certificates and authorization using a realm backed with a DataSource?

Regards,
Graham