You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Chaitresh <ch...@hotmail.com> on 2001/12/29 00:41:08 UTC
CLIENT-CERT - How do I make it work????
Hi all,
Heres what I'm using:
OS: Win 2000
Tomcat version: 4
Client Browser: IE 5+
I am trying to protect a jsp/servlet resource in my website. I want to give access to the resource if the right certificate is provided by the user. Making a ssl connection with client authentication is not a problem. This is the part of my server.xml that allows ssl with client authentication:
---- snip begin [server.xml] -----
<Connector className="org.apache.catalina.connector.http.HttpConnector" port="8443" minProcessors="5" maxProcessors="75" enableLookups="true" acceptCount="10" debug="0" scheme="https" secure="true">
<Factory className="org.apache.catalina.net.SSLServerSocketFactory" clientAuth="true" protocol="TLS"/>
</Connector>
---- snip end [server.xml] -----
So whenever I go to my webserver (https://localhost:8443") IE pops up a list of certificates that I can send back to the server. I select one of the many certificates that my website has given me and send it back to the server.
_Heres my problem_:
At the server I want to check the Common Name in the certificate sent by the client. I figured that I will be able to do so by getting the Principal via "request.getUserPrincipal()" and digging into it. But it returns null. Then I realized that I must make some additions/changes in the tomcat-users.xml and web.xml. But I am not really clear as to what these additions/changes are and I have not found any good resource on the web explaining the same. Heres how parts of my xml files look like:
---- snip begin [web.xml] -----
<security-constraint>
<web-resource-collection>
<web-resource-name>Entire Application</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>tomcat</role-name>
</auth-constraint>
</security-constraint>
<!-- Define the Login Configuration for this Application -->
<login-config>
<auth-method>CLIENT-CERT</auth-method>
<realm-name>Tomcat Manager Application</realm-name>
</login-config>
---- snip end [web.xml] -----
---- snip begin [tomcat-users.xml] -----
<tomcat-users>
<user name="tomcat" password="tomcat" roles="tomcat" />
<user name="role1" password="tomcat" roles="role1" />
<user name="both" password="tomcat" roles="tomcat,role1" />
<!-- Common name in the clients certificate is 3763 -->
<user name="3763" password="tomcat" roles="tomcat" />
</tomcat-users>
---- snip end [tomcat-users.xml] -----
The Common Name in the certificate is 3763 (the certificate I want to grant access to). However I have know idea where the password comes into picture.
I am sure things are incorrect or missing, I'd really appreciate if anyone can help me.
Thanks
-Chaitresh