Hi, I'm not trying to see the SSL stuff itself, but to make the connector ask for a client certificate. This works with the security-constraint config mentioned below, if I reference a role from the user-realm. As I do not have the users defined in some realm, I try to find a way to make the connector switch to requesting a client certificate without referencing a realm.
The only alternative would be to dump the filter and implement a realm?

Best regards,
Alexander Jung

> -----Original Message-----
> From: Dima Retov [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, March 6, 2007 14:33
> To: Tomcat Users List
> Subject: Re: How to request a client Certificate Authentication ?
>
> Hi,
>
> SSL stuff happens before any actual HTTP data is sent.
> It is not possible to see the request's URL at this stage.
>
> Dima
>
> Tuesday, March 6, 2007, 3:29:15 PM, you wrote:
>
> JAA> Hello,
>
> JAA> I try to implement a custom client certificate authentication, that does
> JAA> some complicated LDAP-lookups in the background and gives an authenticated
> JAA> value with request.getRemoteUser() back to the applications.
>
> JAA> Peeking through the jcifs source, I chose to implement a filter. This
> JAA> works, but I'd like to limit the areas where the tomcat-SSL Connector asks
> JAA> for a SSL-Clientauthentication.
>
> JAA> I configured the connector with clientAuth="false" and tried to force SSL
> JAA> client authentication within the application's web.xml with:
>
> JAA> <security-constraint>
> JAA>   <web-resource-collection>
> JAA>     <web-resource-name>Zugriffsschutz</web-resource-name>
> JAA>     <url-pattern>/secure/*</url-pattern>
> JAA>   </web-resource-collection>
> JAA>   <user-data-constraint>
> JAA>     <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> JAA>   </user-data-constraint>
> JAA> </security-constraint>
>
> JAA> <login-config>
> JAA>   <auth-method>CLIENT-CERT</auth-method>
> JAA> </login-config>
>
> JAA> But this does not make the connector ask for a client certificate. How do I
> JAA> make the connector ask for it? (clientAuth="true" in the connector's
> JAA> configuration works, but limits the access of all pages to users that have
> JAA> client certs).
>
> JAA> I'm using Tomcat 5.5.20.
>
> JAA> Regards,
> JAA> Alexander Jung
>
> --
> Best regards,
> Dima mailto:[EMAIL PROTECTED]