Posted to users@tomcat.apache.org by Sander Smith <ss...@rogers.com> on 2004/06/01 12:29:18 UTC

SSL Client Authorization

I'm writing an application with SSL that's been working fine, and would 
like to enable client authorization. It seemed like the thing to do was go 
to my connector (org.apache.coyote.tomcat5.CoyoteConnector) and enable it 
there. Lo and behold there is a method (setClientAuth) that seems to do 
what I want, but for some strange reason it takes a string as an argument 
instead of a boolean. What am I missing here?? How do I enable this?

Sander Smith



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Re: SSL Client Authorization

Posted by Jim Hopp <ji...@netyourwork.com>.
According to this link 
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html

possible values are "true", "want", and (I presume) "false".

I use client authentication in (non-embedded) Tomcat, and "true" does 
indeed require client authentication.

-Jim

Sander Smith wrote:
> Doug,
> 
> Thanks for your help but this isn't what I need. Yes, I want the client 
> to present a certificate for validation during the SSL handshake, but 
> your solution is not available to me. You suggest putting something in a 
> config file, but I'm running Tomcat embedded, so all of the 
> configuration is happening programmatically.
> 
> I have an org.apache.coyote.tomcat5.CoyoteConnector and I call 
> setKeystoreFile(...), setKeyAlias(...), etc. to set up the server side 
> SSL, and this is working great. When I want to request a client 
> certificate I would expect to call setClientAuth(...) to do this. 
> However, I'd expect to pass a boolean into this method, but instead, the 
> interface requires a String!!! To make matters worse, there's no 
> documentation to say what this string is.
> 
> Does anyone know how to do this programmatically??
> 
> Sander Smith
> 
> At 08:20 AM 6/1/2004 -0400, you wrote:
> 
>> Sander,
>>
>> If what you want is to have the client present a certificate for 
>> validation,
>> then in your connector have something like
>>
>> clientAuth="true"
>>
>> See
>> http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html
>>
>> If you are looking for something different let us know.
>>
>> Doug
>> www.parsonstechnical.com
>>
>>
>>
>> ----- Original Message -----
>> From: "Sander Smith" <ss...@rogers.com>
>> To: <to...@jakarta.apache.org>
>> Sent: Tuesday, June 01, 2004 6:29 AM
>> Subject: SSL Client Authorization
>>
>>
>> > I'm writing an application with SSL that's been working fine, and would
>> > like to enable client authorization. It seemed like the thing to do was go
>> > to my connector (org.apache.coyote.tomcat5.CoyoteConnector) and enable it
>> > there. Lo and behold there is a method (setClientAuth) that seems to do
>> > what I want, but for some strange reason it takes a string as an argument
>> > instead of a boolean. What am I missing here?? How do I enable this?
>> >
>> > Sander Smith
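
The three clientAuth strings listed in the reply above ("true", "want", "false") correspond to two separate JSSE server-side switches, a three-way choice that a single boolean cannot carry. The sketch below is an added example, not code from this thread or from Tomcat's source: the class and helper names are hypothetical, and rejecting unrecognised strings is this example's own choice.

```java
import java.util.Locale;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

public class ClientAuthModes {

    // Hypothetical helper (not Tomcat code): clientAuth string -> JSSE settings.
    static SSLParameters toSslParameters(String clientAuth) {
        SSLParameters p = new SSLParameters();
        switch (clientAuth.trim().toLowerCase(Locale.ROOT)) {
            case "true":   // handshake fails if the client sends no certificate
                p.setNeedClientAuth(true);
                break;
            case "want":   // certificate requested, handshake continues without one
                p.setWantClientAuth(true);
                break;
            case "false":  // no certificate request is sent
                break;
            default:       // this example's choice: a typo must not silently disable client auth
                throw new IllegalArgumentException("unrecognised clientAuth: " + clientAuth);
        }
        return p;
    }

    // With "want", the application has to check whether a certificate arrived.
    static boolean clientPresentedCertificate(SSLSession session) {
        try {
            return session.getPeerCertificates().length > 0;
        } catch (SSLPeerUnverifiedException e) {
            return false; // peer was not authenticated
        }
    }

    public static void main(String[] args) {
        for (String v : new String[] {"true", "want", "false"}) {
            SSLParameters p = toSslParameters(v);
            System.out.printf("clientAuth=%-5s need=%b want=%b%n",
                    v, p.getNeedClientAuth(), p.getWantClientAuth());
        }
        try {
            toSslParameters("ture"); // constructed typo
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

In "want" mode an unauthenticated client still completes the handshake, so any access decision that depends on the certificate has to call a check like clientPresentedCertificate before trusting the session.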


Re: SSL Client Authorization

Posted by Sander Smith <ss...@rogers.com>.
Doug,

Thanks for your help but this isn't what I need. Yes, I want the client to 
present a certificate for validation during the SSL handshake, but your 
solution is not available to me. You suggest putting something in a config 
file, but I'm running Tomcat embedded, so all of the configuration is 
happening programmatically.

I have an org.apache.coyote.tomcat5.CoyoteConnector and I call 
setKeystoreFile(...), setKeyAlias(...), etc. to set up the server side SSL, 
and this is working great. When I want to request a client certificate I 
would expect to call setClientAuth(...) to do this. However, I'd expect to 
pass a boolean into this method, but instead, the interface requires a 
String!!! To make matters worse, there's no documentation to say what this 
string is.

Does anyone know how to do this programmatically??

Sander Smith

At 08:20 AM 6/1/2004 -0400, you wrote:
>Sander,
>
>If what you want is to have the client present a certificate for validation,
>then in your connector have something like
>
>clientAuth="true"
>
>See
>http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html
>
>If you are looking for something different let us know.
>
>Doug
>www.parsonstechnical.com
>
>
>
>----- Original Message -----
>From: "Sander Smith" <ss...@rogers.com>
>To: <to...@jakarta.apache.org>
>Sent: Tuesday, June 01, 2004 6:29 AM
>Subject: SSL Client Authorization
>
>
> > I'm writing an application with SSL that's been working fine, and would
> > like to enable client authorization. It seemed like the thing to do was go
> > to my connector (org.apache.coyote.tomcat5.CoyoteConnector) and enable it
> > there. Lo and behold there is a method (setClientAuth) that seems to do
> > what I want, but for some strange reason it takes a string as an argument
> > instead of a boolean. What am I missing here?? How do I enable this?
> >
> > Sander Smith


Re: SSL Client Authorization

Posted by Parsons Technical Services <pa...@earthlink.net>.
Sander,

If what you want is to have the client present a certificate for validation,
then in your connector have something like

clientAuth="true"

See
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html

If you are looking for something different let us know.

Doug
www.parsonstechnical.com



----- Original Message ----- 
From: "Sander Smith" <ss...@rogers.com>
To: <to...@jakarta.apache.org>
Sent: Tuesday, June 01, 2004 6:29 AM
Subject: SSL Client Authorization


> I'm writing an application with SSL that's been working fine, and would
> like to enable client authorization. It seemed like the thing to do was go
> to my connector (org.apache.coyote.tomcat5.CoyoteConnector) and enable it
> there. Lo and behold there is a method (setClientAuth) that seems to do
> what I want, but for some strange reason it takes a string as an argument
> instead of a boolean. What am I missing here?? How do I enable this?
>
> Sander Smith

