You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Erki Kriks <er...@eer.ee> on 2003/03/21 09:42:46 UTC
authenticate with java servlets
Hello!
I'm using OpenSA (Apache 1.3), Tomcat 3.2.1 and mod_jk.
For SSL i red that ajp13 is needed (not ajp12).
So i get run Tomcat under Apache SSL.
I authenticate user with Apache SSL, but when i read authenticate variables
then i always get null.
String subject = request.getHeader( "CERT_SUBJECT" );
String issuer = request.getHeader( "CERT_ISSUER" );
String issuer = request.getHeader( "SSL_CLIENT_CERT" );
Specification also says that in httpd.conf ajp13 declarations is needed,
like so:
JkExtractSSL On
JkHTTPSIndicator HTTPS
JkSESSIONIndicator SSL_SESSION_ID
JkCIPHERIndicator SSL_CIPHER
JkCERTSIndicator SSL_CLIENT_CERT
Can anybody expert exactly explain what exactly is needed to read certs with
java servlets?
Many thanx!
Erki
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: tomcat dying on solaris
Posted by jo outen <jo...@yahoo.com>.
Much simpler change the catalina.sh to run as ksh
instead of sh. The sh shell is not handling the job
correctly.
--- Carsten Heidmann <he...@Hamburg.BAW.DE> wrote:
> Hi,
> At 21.03.2003 12:16 +0000, you wrote:
> >My tomcat process if dying suddenly on Solaris
> system. I am using tomcat
> >4.1.12 on Solaris 8. There is nothing in the log
> files.
>
> I had this problem when starting Tomcat
> interactively from a telnet/ssh/...
> session. When logging of, dies also, whether or not
> you did start it with
> 'nohub' or '&' If this is your problem try starting
> tomcat as an 'at' job:
>
> root@nokis # at now
> at> /etc/init.d/catalina start
> at> <EOT>
> commands will be executed using /sbin/sh
> job 1048249391.a at Fri Mar 21 13:23:11 2003
> root@nokis #
>
> This is a known bug (I was told from Sun ;-)
>
> Carsten
>
------------------------------------------------------------
> Dipl. Geogr. Carsten Heidmann Bundesanstalt fuer
> Wasserbau
> Tel.: 040.81908.345 - Aussenstelle
> Kueste -
> Fax: 040.81908.373 Wedeler Landstrasse
> 157
> heidmann@hamburg.baw.de DE - 22559 Hamburg
> http://nokis.baw.de/
> http://www.hamburg.baw.de/
>
------------------------------------------------------------
>
>
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail:
> tomcat-user-help@jakarta.apache.org
>
__________________________________________________
Do you Yahoo!?
Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop!
http://platinum.yahoo.com
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
RE: tomcat dying on solaris
Posted by Kapil Sharma <ka...@kapils.net>.
Thanks for your reply. I fixed this problem long time ago by using /bin/ksh
instead of /bin/sh in my startup script.
My tomcat process is dying after 5-6 hours of starting tomcat.
kapil
-----Original Message-----
From: Carsten Heidmann [mailto:heidmann@Hamburg.BAW.DE]
Sent: 21 March 2003 12:23
To: Tomcat Users List
Subject: Re: tomcat dying on solaris
Hi,
At 21.03.2003 12:16 +0000, you wrote:
>My tomcat process if dying suddenly on Solaris system. I am using tomcat
>4.1.12 on Solaris 8. There is nothing in the log files.
I had this problem when starting Tomcat interactively from a telnet/ssh/...
session. When logging of, dies also, whether or not you did start it with
'nohub' or '&' If this is your problem try starting tomcat as an 'at' job:
root@nokis # at now
at> /etc/init.d/catalina start
at> <EOT>
commands will be executed using /sbin/sh
job 1048249391.a at Fri Mar 21 13:23:11 2003No fixed this problem long time
ago. If you made a
root@nokis #
This is a known bug (I was told from Sun ;-)
Carsten
------------------------------------------------------------
Dipl. Geogr. Carsten Heidmann Bundesanstalt fuer Wasserbau
Tel.: 040.81908.345 - Aussenstelle Kueste -
Fax: 040.81908.373 Wedeler Landstrasse 157
heidmann@hamburg.baw.de DE - 22559 Hamburg
http://nokis.baw.de/ http://www.hamburg.baw.de/
------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: tomcat dying on solaris
Posted by Carsten Heidmann <he...@Hamburg.BAW.DE>.
Hi,
At 21.03.2003 12:16 +0000, you wrote:
>My tomcat process if dying suddenly on Solaris system. I am using tomcat
>4.1.12 on Solaris 8. There is nothing in the log files.
I had this problem when starting Tomcat interactively from a telnet/ssh/...
session. When logging of, dies also, whether or not you did start it with
'nohub' or '&' If this is your problem try starting tomcat as an 'at' job:
root@nokis # at now
at> /etc/init.d/catalina start
at> <EOT>
commands will be executed using /sbin/sh
job 1048249391.a at Fri Mar 21 13:23:11 2003
root@nokis #
This is a known bug (I was told from Sun ;-)
Carsten
------------------------------------------------------------
Dipl. Geogr. Carsten Heidmann Bundesanstalt fuer Wasserbau
Tel.: 040.81908.345 - Aussenstelle Kueste -
Fax: 040.81908.373 Wedeler Landstrasse 157
heidmann@hamburg.baw.de DE - 22559 Hamburg
http://nokis.baw.de/ http://www.hamburg.baw.de/
------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
tomcat dying on solaris
Posted by Kapil Sharma <ka...@kapils.net>.
Hi,
My tomcat process if dying suddenly on Solaris system. I am using tomcat
4.1.12 on Solaris 8. There is nothing in the log files.
Any ideas!!
Thanks
kapil
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: authenticate with java servlets
Posted by Erki Kriks <er...@eer.ee>.
Hi!
Yes, i tried it before:
java.security.cert.X509Certificate certt =
(java.security.cert.X509Certificate)request.getAttribute("javax.servlet.requ
est.X509Certificate");
but it's still return null.
Is it possible if user authenticate to web then Apache saves user cert to
some directory
and later servlet can read this cert from that directory?
> Hi,
> with tomcat 3.2.1 you may try with:
>
> String strX509 = req.getAttribute("javax.servlet.request.X509Certificate")
> Certificate cert = new X509Certificate(strX509.getBytes() );
>
> if it doesn't work, you could try with (as servlet specs says):
>
> Object obj = req.getAttribute("javax.servlet.request.X509Certificate")
> Certificate cert = null;
> if(obj instanceof String)
> {
> String strX509 = (String)obj;
> cert = new X509Certificate(strX509.getBytes() );
> }
> else
> {
> cert = (Certificate)obj;
> }
>
> Hope this helps.
> Tito.
>
> ----- Original Message -----
> From: "Erki Kriks" <er...@eer.ee>
> To: "Tomcat Users List" <to...@jakarta.apache.org>
> Sent: Friday, March 21, 2003 9:42 AM
> Subject: authenticate with java servlets
>
>
> > Hello!
> >
> > I'm using OpenSA (Apache 1.3), Tomcat 3.2.1 and mod_jk.
> > For SSL i red that ajp13 is needed (not ajp12).
> >
> > So i get run Tomcat under Apache SSL.
> > I authenticate user with Apache SSL, but when i read authenticate
> variables
> > then i always get null.
> > String subject = request.getHeader( "CERT_SUBJECT" );
> > String issuer = request.getHeader( "CERT_ISSUER" );
> > String issuer = request.getHeader( "SSL_CLIENT_CERT" );
> >
> > Specification also says that in httpd.conf ajp13 declarations is needed,
> > like so:
> > JkExtractSSL On
> > JkHTTPSIndicator HTTPS
> > JkSESSIONIndicator SSL_SESSION_ID
> > JkCIPHERIndicator SSL_CIPHER
> > JkCERTSIndicator SSL_CLIENT_CERT
> >
> >
> > Can anybody expert exactly explain what exactly is needed to read certs
> with
> > java servlets?
> >
> > Many thanx!
> > Erki
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: authenticate with java servlets
Posted by Erki Kriks <er...@eer.ee>.
By the way, thank you, i get the user cert at last:)
String cert =
request.getAttribute("javax.servlet.request.X509Certificate").toString();
> Hi,
> with tomcat 3.2.1 you may try with:
>
> String strX509 = req.getAttribute("javax.servlet.request.X509Certificate")
> Certificate cert = new X509Certificate(strX509.getBytes() );
>
> if it doesn't work, you could try with (as servlet specs says):
>
> Object obj = req.getAttribute("javax.servlet.request.X509Certificate")
> Certificate cert = null;
> if(obj instanceof String)
> {
> String strX509 = (String)obj;
> cert = new X509Certificate(strX509.getBytes() );
> }
> else
> {
> cert = (Certificate)obj;
> }
>
> Hope this helps.
> Tito.
>
>>
> > Hello!
> >
> > I'm using OpenSA (Apache 1.3), Tomcat 3.2.1 and mod_jk.
> > For SSL i red that ajp13 is needed (not ajp12).
> >
> > So i get run Tomcat under Apache SSL.
> > I authenticate user with Apache SSL, but when i read authenticate
> variables
> > then i always get null.
> > String subject = request.getHeader( "CERT_SUBJECT" );
> > String issuer = request.getHeader( "CERT_ISSUER" );
> > String issuer = request.getHeader( "SSL_CLIENT_CERT" );
> >
> > Specification also says that in httpd.conf ajp13 declarations is needed,
> > like so:
> > JkExtractSSL On
> > JkHTTPSIndicator HTTPS
> > JkSESSIONIndicator SSL_SESSION_ID
> > JkCIPHERIndicator SSL_CIPHER
> > JkCERTSIndicator SSL_CLIENT_CERT
> >
> >
> > Can anybody expert exactly explain what exactly is needed to read certs
> with
> > java servlets?
> >
> > Many thanx!
> > Erki
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: authenticate with java servlets
Posted by tito santini <ti...@netikos.com>.
Hi,
with tomcat 3.2.1 you may try with:
String strX509 = req.getAttribute("javax.servlet.request.X509Certificate")
Certificate cert = new X509Certificate(strX509.getBytes() );
if it doesn't work, you could try with (as servlet specs says):
Object obj = req.getAttribute("javax.servlet.request.X509Certificate")
Certificate cert = null;
if(obj instanceof String)
{
String strX509 = (String)obj;
cert = new X509Certificate(strX509.getBytes() );
}
else
{
cert = (Certificate)obj;
}
Hope this helps.
Tito.
----- Original Message -----
From: "Erki Kriks" <er...@eer.ee>
To: "Tomcat Users List" <to...@jakarta.apache.org>
Sent: Friday, March 21, 2003 9:42 AM
Subject: authenticate with java servlets
> Hello!
>
> I'm using OpenSA (Apache 1.3), Tomcat 3.2.1 and mod_jk.
> For SSL i red that ajp13 is needed (not ajp12).
>
> So i get run Tomcat under Apache SSL.
> I authenticate user with Apache SSL, but when i read authenticate
variables
> then i always get null.
> String subject = request.getHeader( "CERT_SUBJECT" );
> String issuer = request.getHeader( "CERT_ISSUER" );
> String issuer = request.getHeader( "SSL_CLIENT_CERT" );
>
> Specification also says that in httpd.conf ajp13 declarations is needed,
> like so:
> JkExtractSSL On
> JkHTTPSIndicator HTTPS
> JkSESSIONIndicator SSL_SESSION_ID
> JkCIPHERIndicator SSL_CIPHER
> JkCERTSIndicator SSL_CLIENT_CERT
>
>
> Can anybody expert exactly explain what exactly is needed to read certs
with
> java servlets?
>
> Many thanx!
> Erki
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org