On 2/17/10, Mark Thomas <ma...@apache.org> wrote:
> Then you probably haven't got your config quite right. There are plenty
> of things to go wrong with this but this definitely works - I was using
> it just the other day.
>
> We'll need to see:
> - connector element from server.xml
> - web.xml
> - tomcat-users.xml (assuming that is what you are using)
> for starters.

Sure thing - here is my Connector element:

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="50" scheme="https" secure="true"
               keystoreFile=".../tomcat.keystore" keystorePass="..."
               clientAuth="false" sslProtocol="TLS"
               allowUnsafeLegacyRenegotiation="true" />

My web.xml (based on what I saw in your reply to bug 46950):

  <?xml version="1.0" encoding="UTF-8"?>
  <web-app xmlns="http://java.sun.com/xml/ns/javaee"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
                  http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
             version="2.5">
      <distributable/>

      <servlet>
          <description>Test servlet</description>
          <display-name>My Servlet</display-name>
          <servlet-name>MyServlet</servlet-name>
          <servlet-class>MyServlet</servlet-class>
      </servlet>
      <servlet-mapping>
          <servlet-name>MyServlet</servlet-name>
          <url-pattern>/myServlet</url-pattern>
      </servlet-mapping>

      <security-constraint>
          <web-resource-collection>
              <web-resource-name>MyApp</web-resource-name>
              <url-pattern>/index.jsp</url-pattern>
          </web-resource-collection>
          <auth-constraint>
              <role-name>X509</role-name>
          </auth-constraint>
      </security-constraint>
      <security-constraint>
          <web-resource-collection>
              <web-resource-name>Everything</web-resource-name>
              <url-pattern>/*</url-pattern>
          </web-resource-collection>
          <user-data-constraint>
              <transport-guarantee>CONFIDENTIAL</transport-guarantee>
          </user-data-constraint>
      </security-constraint>
      <login-config>
          <auth-method>CLIENT-CERT</auth-method>
      </login-config>
  </web-app>

And my tomcat-users.xml:

  <tomcat-users>
    <role rolename="manager"/>
    <user username="tomcat" password="..." roles="manager"/>

    <role rolename="X509"/>
    <user username="EMAILADDRESS=...,CN=...,OU=...,OU=...,OU=...,O=...,L=...,ST=...,C=..."
          password="null" roles="X509" />
  </tomcat-users>

>
> Also a better description of the problem than "doesn't work" would help.
>

:-)  "Doesn't work", meaning I don't get prompted for my certificate.
I see my servlet's output without any sort of authentication.

Thank you.
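
Added example, not part of the original message and not Tomcat's own code: a Python check that reads a condensed copy of the web.xml posted above and reports, for each servlet mapping and for /index.jsp, what the best-matching security constraint requires. The helper names (`rank`, `effective`, `audit`) are made up for this illustration, and the matching is a simplified form of the servlet specification's url-pattern rules that ignores http-method.

```python
import xml.etree.ElementTree as ET
NS = {"j": "http://java.sun.com/xml/ns/javaee"}

# Condensed copy of the web.xml posted above (constructed for this example).
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <servlet-mapping><url-pattern>/myServlet</url-pattern></servlet-mapping>
  <security-constraint>
    <web-resource-collection><url-pattern>/index.jsp</url-pattern></web-resource-collection>
    <auth-constraint><role-name>X509</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
    <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
  </security-constraint>
</web-app>"""

def rank(pattern, path):
    """Match strength of a url-pattern for path; None if it does not match."""
    if pattern == path:
        return (3, len(pattern))                      # exact match
    if pattern.endswith("/*") and (path + "/").startswith(pattern[:-1]):
        return (2, len(pattern))                      # path prefix, longest wins
    if pattern.startswith("*.") and path.endswith(pattern[1:]):
        return (1, 0)                                 # extension match
    return (0, 0) if pattern == "/" else None         # default mapping

def effective(root, path):
    """Requirements taken from the constraint(s) with the best-matching pattern."""
    best, roles, needs_auth, transport = None, set(), False, None
    for sc in root.findall("j:security-constraint", NS):
        for pat in sc.findall("j:web-resource-collection/j:url-pattern", NS):
            r = rank(pat.text.strip(), path)
            if r is None or (best is not None and r < best):
                continue
            if best is None or r > best:              # stronger pattern: start over
                best, roles, needs_auth, transport = r, set(), False, None
            for auth in sc.findall("j:auth-constraint", NS):
                needs_auth = True                     # any auth-constraint forces login
                roles |= {e.text.strip() for e in auth.findall("j:role-name", NS)}
            tg = sc.find("j:user-data-constraint/j:transport-guarantee", NS)
            transport = tg.text.strip() if tg is not None else transport
    return {"auth_required": needs_auth, "roles": sorted(roles), "transport": transport}

def audit(xml_text):
    root = ET.fromstring(xml_text)
    mapped = [p.text.strip() for p in root.findall("j:servlet-mapping/j:url-pattern", NS)]
    return {p: effective(root, p) for p in mapped + ["/index.jsp"]}

if __name__ == "__main__":
    print(audit(WEB_XML))
```

For this configuration the check reports that /myServlet is covered only by the /* constraint, which carries a transport guarantee but no auth-constraint, while /index.jsp is the only path tied to the X509 role.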
