You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Raphael Gallo <ra...@powerlogic.com.br> on 2004/11/26 21:44:12 UTC
CLIENT-CERT
Hi,
It´s possible use FORM authentication and CLIENT-CERT in the same
application. How can I do this ?
Thanks,
Raphael Gallo
raphael@powerlogic.com.br
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: CLIENT-CERT
Posted by Mario Ivankovits <ma...@ops.co.at>.
Raphael Gallo wrote:
> It´s possible use FORM authentication and CLIENT-CERT in the same
>application. How can I do this ?
>
>
Not sure if it works with FORM but I have done this with BASIC (through
https).
If the CLIENT-CERT fails the system will fallback to BASIC.
I have done this by fiddling my own SSLAuthenticator (called
SSLAuthenticatorOptional) into Tomcat.
The main changes in short:
private BasicAuthenticator secondAuth = new BasicAuthenticator();
// Authenticate the specified certificate chain
principal = context.getRealm().authenticate(certs);
if (principal == null)
{
if (debug >= 1)
{
log(" Realm.authenticate() returned false");
}
return secondAuth.authenticate(request, response, config);
// hres.sendError(HttpServletResponse.SC_UNAUTHORIZED,
// sm.getString("authenticator.unauthorized"));
// return (false);
}
To put the SSLAuthenticatorOptional into Tomcat I have had to change the
Authenticators.properties - which could done by this ant task
<target name="config-tomcat" description="Tomcat configuration">
<unjar src="${tomcat-server}/lib/catalina.jar"
dest="${tomcat-server}/classes">
<patternset
includes="org/apache/catalina/startup/Authenticators.properties"/>
</unjar>
<replaceregexp
file="${tomcat-server}/classes/org/apache/catalina/startup/Authenticators.properties"
byline="true"
match="CLIENT-CERT=org.apache.catalina.authenticator.SSLAuthenticator"
replace="CLIENT-CERT=tomcat.SSLAuthenticatorOptional"/>
</target>
---
Mario
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
RE: bug JDBC Real with CLIENT-CERT
Posted by Mark Thomas <ma...@apache.org>.
I committed some patches to support CLIENT-CERT to 5.5.x recently. Should be in
the next release. If you want them now, you can always grab them from CVS.
Mark
> -----Original Message-----
> From: Paulo Alvim [mailto:alvim@powerlogic.com.br]
> Sent: Monday, November 29, 2004 4:02 PM
> To: Tomcat Users List
> Subject: bug JDBC Real with CLIENT-CERT
>
> Hi,
>
> I'm trying to use Client-Cert authentication with Tomcat
> 5.0.28. I could
> make it work using Memory Realm but when I changed to
> JDBCRealm I received
> an authorization error...
>
> In truth, it seems that there's a bug with Client-Cert and
> others Realm
> since 4.x.
>
> I've just read about that in a few links:
>
> http://issues.apache.org/bugzilla/show_bug.cgi?id=30352
>
> http://www.junlu.com/msg/43156.html
>
> Anyone could update that information? Is there any fix or
> patchs in Tomcat
> 5.0.28? I'll need to use it with JDBCRealm and with LDAP (Active
> Directory)...
>
> Thanks a lot!
>
> Paulo Alvim
> Powerlogic - Brazil
>
>
> -----Mensagem original-----
> De: Paulo Alvim [mailto:alvim@powerlogic.com.br]
> Enviada em: sábado, 27 de novembro de 2004 14:20
> Para: Tomcat Users List
> Assunto: RES: [work] CLIENT-CERT
>
>
> Hi,
>
> The questions are:
>
> 1. Is it possible to use two authentication methods (FORM and
> CLIENT_CERT)
> in the same J2EE application?
>
> 2. If so, how could we do it in Tomcat 5.0.19?
>
> Thanks in advance!
>
> Paulo Alvim/Raphael
> Powerlogic - Brazil
>
> -----Mensagem original-----
> De: Raphael Gallo [mailto:raphael@powerlogic.com.br]
> Enviada em: sexta-feira, 26 de novembro de 2004 17:44
> Para: Tomcat Users List
> Assunto: [work] CLIENT-CERT
>
>
> Hi,
>
>
> It´s possible use FORM authentication and CLIENT-CERT
> in the same
> application. How can I do this ?
>
>
>
> Thanks,
>
> Raphael Gallo
> raphael@powerlogic.com.br
>
>
>
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
bug JDBC Real with CLIENT-CERT
Posted by Paulo Alvim <al...@powerlogic.com.br>.
Hi,
I'm trying to use Client-Cert authentication with Tomcat 5.0.28. I could
make it work using Memory Realm but when I changed to JDBCRealm I received
an authorization error...
In truth, it seems that there's a bug with Client-Cert and others Realm
since 4.x.
I've just read about that in a few links:
http://issues.apache.org/bugzilla/show_bug.cgi?id=30352
http://www.junlu.com/msg/43156.html
Anyone could update that information? Is there any fix or patchs in Tomcat
5.0.28? I'll need to use it with JDBCRealm and with LDAP (Active
Directory)...
Thanks a lot!
Paulo Alvim
Powerlogic - Brazil
-----Mensagem original-----
De: Paulo Alvim [mailto:alvim@powerlogic.com.br]
Enviada em: sábado, 27 de novembro de 2004 14:20
Para: Tomcat Users List
Assunto: RES: [work] CLIENT-CERT
Hi,
The questions are:
1. Is it possible to use two authentication methods (FORM and CLIENT_CERT)
in the same J2EE application?
2. If so, how could we do it in Tomcat 5.0.19?
Thanks in advance!
Paulo Alvim/Raphael
Powerlogic - Brazil
-----Mensagem original-----
De: Raphael Gallo [mailto:raphael@powerlogic.com.br]
Enviada em: sexta-feira, 26 de novembro de 2004 17:44
Para: Tomcat Users List
Assunto: [work] CLIENT-CERT
Hi,
It´s possible use FORM authentication and CLIENT-CERT in the same
application. How can I do this ?
Thanks,
Raphael Gallo
raphael@powerlogic.com.br
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
RES: [work] CLIENT-CERT
Posted by Paulo Alvim <al...@powerlogic.com.br>.
Hi,
The questions are:
1. Is it possible to use two authentication methods (FORM and CLIENT_CERT)
in the same J2EE application?
2. If so, how could we do it in Tomcat 5.0.19?
Thanks in advance!
Paulo Alvim/Raphael
Powerlogic - Brazil
-----Mensagem original-----
De: Raphael Gallo [mailto:raphael@powerlogic.com.br]
Enviada em: sexta-feira, 26 de novembro de 2004 17:44
Para: Tomcat Users List
Assunto: [work] CLIENT-CERT
Hi,
It´s possible use FORM authentication and CLIENT-CERT in the same
application. How can I do this ?
Thanks,
Raphael Gallo
raphael@powerlogic.com.br
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org