You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by 罗时飞 <lu...@yuchengtech.com> on 2007/09/24 03:26:20 UTC
答复: could two tomcat servers have mutual authentication?
Can you refer the Chinese book named 《Agile Acegi、CAS-Architecting and
Developing Secure Java Systems》 written by me?
Thx.
-----邮件原件-----
发件人: quanxin zhu [mailto:quanxinzhu@gmail.com]
发送时间: 2007年9月24日 9:16
收件人: users@tomcat.apache.org
主题: could two tomcat servers have mutual authentication?
I setup a tomcat server 1 using client authentication, and deployed a
webservice on it.
So, when invoke the webservice, a certification is needed.
In server 2 , I want a servlet to invoke the webservice in server 1.
could server 2 automatically provide its certification to tomcat 1 when
invoke webservice?
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: ??: could two tomcat servers have mutual authentication?
Posted by Mark Thomas <ma...@apache.org>.
quanxin zhu wrote:
> Could you explain it in detail?
You have written the code to call a web service. You need to write
additional code to pass a certificate.
> where could I find the instruction to modify the code to implement this
> function?
Goggle woudl be a good place to start.
> I have another questions, when navigate a servlet using browser, the tomcat
> server could trasfer the certification to browser automatically,
> why cannot it transfer the certification to other tomcat servers for
> authentication?
Because in Tomcat to browser communciation Tomcat is acting as the
server and Tomcat includes code to pass the certificate to the client in
this case.
When you write a servlet that calls a web service, your servlet is
acting as a client and you have to hand code the SSL aspects in the same
way as every other aspect of the web service client.
Mark
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
答复: ??: could two tomcat servers have mutual authentication?
Posted by 罗时飞 <lu...@yuchengtech.com>.
Yes, you are right, this is what my book used. :-)
-----邮件原件-----
发件人: quanxin zhu [mailto:quanxinzhu@gmail.com]
发送时间: 2007年9月25日 22:58
收件人: Tomcat Users List
主题: Re: ??: could two tomcat servers have mutual authentication?
Let me post the solution:
It is very easy to transfer client certificate to servers that required
client authentication using certificate,
just add the following two statements in my webservice client:
System.setProperty("javax.net.ssl.keyStore",keystore);
System.setProperty("javax.net.ssl.keyStorePassword",password);
2007/9/24, quanxin zhu <qu...@gmail.com>:
>
> ok, I know.
> Thx a lot!
>
>
> 2007/9/24, Mark Thomas <ma...@apache.org>:
> >
> > quanxin zhu wrote:
> > > Could you explain it in detail?
> >
> > You have written the code to call a web service. You need to write
> > additional code to pass a certificate.
> >
> > > where could I find the instruction to modify the code to implement
> > this
> > > function?
> >
> > Goggle woudl be a good place to start.
> >
> > > I have another questions, when navigate a servlet using browser, the
> > tomcat
> > > server could trasfer the certification to browser automatically,
> > > why cannot it transfer the certification to other tomcat servers for
> > > authentication?
> >
> > Because in Tomcat to browser communciation Tomcat is acting as the
> > server and Tomcat includes code to pass the certificate to the client in
> > this case.
> >
> > When you write a servlet that calls a web service, your servlet is
> > acting as a client and you have to hand code the SSL aspects in the same
> >
> > way as every other aspect of the web service client.
> >
> > Mark
> >
> >
> > ---------------------------------------------------------------------
> > To start a new topic, e-mail: users@tomcat.apache.org
> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail: users-help@tomcat.apache.org
> >
> >
>
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: ??: could two tomcat servers have mutual authentication?
Posted by quanxin zhu <qu...@gmail.com>.
Let me post the solution:
It is very easy to transfer client certificate to servers that required
client authentication using certificate,
just add the following two statements in my webservice client:
System.setProperty("javax.net.ssl.keyStore",keystore);
System.setProperty("javax.net.ssl.keyStorePassword",password);
2007/9/24, quanxin zhu <qu...@gmail.com>:
>
> ok, I know.
> Thx a lot!
>
>
> 2007/9/24, Mark Thomas <ma...@apache.org>:
> >
> > quanxin zhu wrote:
> > > Could you explain it in detail?
> >
> > You have written the code to call a web service. You need to write
> > additional code to pass a certificate.
> >
> > > where could I find the instruction to modify the code to implement
> > this
> > > function?
> >
> > Goggle woudl be a good place to start.
> >
> > > I have another questions, when navigate a servlet using browser, the
> > tomcat
> > > server could trasfer the certification to browser automatically,
> > > why cannot it transfer the certification to other tomcat servers for
> > > authentication?
> >
> > Because in Tomcat to browser communciation Tomcat is acting as the
> > server and Tomcat includes code to pass the certificate to the client in
> > this case.
> >
> > When you write a servlet that calls a web service, your servlet is
> > acting as a client and you have to hand code the SSL aspects in the same
> >
> > way as every other aspect of the web service client.
> >
> > Mark
> >
> >
> > ---------------------------------------------------------------------
> > To start a new topic, e-mail: users@tomcat.apache.org
> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail: users-help@tomcat.apache.org
> >
> >
>
Re: ??: could two tomcat servers have mutual authentication?
Posted by quanxin zhu <qu...@gmail.com>.
ok, I know.
Thx a lot!
2007/9/24, Mark Thomas <ma...@apache.org>:
>
> quanxin zhu wrote:
> > Could you explain it in detail?
>
> You have written the code to call a web service. You need to write
> additional code to pass a certificate.
>
> > where could I find the instruction to modify the code to implement this
> > function?
>
> Goggle woudl be a good place to start.
>
> > I have another questions, when navigate a servlet using browser, the
> tomcat
> > server could trasfer the certification to browser automatically,
> > why cannot it transfer the certification to other tomcat servers for
> > authentication?
>
> Because in Tomcat to browser communciation Tomcat is acting as the
> server and Tomcat includes code to pass the certificate to the client in
> this case.
>
> When you write a servlet that calls a web service, your servlet is
> acting as a client and you have to hand code the SSL aspects in the same
> way as every other aspect of the web service client.
>
> Mark
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
Re: ??: could two tomcat servers have mutual authentication?
Posted by Mark Thomas <ma...@apache.org>.
quanxin zhu wrote:
> Could you explain it in detail?
You have written the code to call a web service. You need to write
additional code to pass a certificate.
> where could I find the instruction to modify the code to implement this
> function?
Goggle woudl be a good place to start.
> I have another questions, when navigate a servlet using browser, the tomcat
> server could trasfer the certification to browser automatically,
> why cannot it transfer the certification to other tomcat servers for
> authentication?
Because in Tomcat to browser communciation Tomcat is acting as the
server and Tomcat includes code to pass the certificate to the client in
this case.
When you write a servlet that calls a web service, your servlet is
acting as a client and you have to hand code the SSL aspects in the same
way as every other aspect of the web service client.
Mark
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: 答复: could two tomcat servers have mutual authentication?
Posted by quanxin zhu <qu...@gmail.com>.
Thanks for your reply
Could you explain it in detail?
where could I find the instruction to modify the code to implement this
function?
Any suggestion?
I have another questions, when navigate a servlet using browser, the tomcat
server could trasfer the certification to browser automatically,
why cannot it transfer the certification to other tomcat servers for
authentication?
zhu quan xin
2007/9/24, Mark Thomas <ma...@apache.org>:
>
> quanxin zhu wrote:
> > I am using certification for client authentication, so yale CAS is not
> what
> > I want.
> >
> > My point is that, does tomcat provide the function, that
> > when invoke other tomcat's webservice, it could provide its
> certification to
> > other tomcat servers?
>
> There is no functionality to do this automatically. You would have to
> hand code this.
>
> Mark
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
Re: 答复: could two tomcat servers have mutual authentication?
Posted by Mark Thomas <ma...@apache.org>.
quanxin zhu wrote:
> I am using certification for client authentication, so yale CAS is not what
> I want.
>
> My point is that, does tomcat provide the function, that
> when invoke other tomcat's webservice, it could provide its certification to
> other tomcat servers?
There is no functionality to do this automatically. You would have to
hand code this.
Mark
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: 答复: could two tomcat servers have mutual authentication?
Posted by quanxin zhu <qu...@gmail.com>.
I am using certification for client authentication, so yale CAS is not what
I want.
My point is that, does tomcat provide the function, that
when invoke other tomcat's webservice, it could provide its certification to
other tomcat servers?
在07-9-24,罗时飞 <lu...@yuchengtech.com> 写道:
>
> Can you refer the Chinese book named 《Agile Acegi、CAS-Architecting and
> Developing Secure Java Systems》 written by me?
>
> Thx.
>
>
>
> -----邮件原件-----
> 发件人: quanxin zhu [mailto:quanxinzhu@gmail.com]
> 发送时间: 2007年9月24日 9:16
> 收件人: users@tomcat.apache.org
> 主题: could two tomcat servers have mutual authentication?
>
> I setup a tomcat server 1 using client authentication, and deployed a
> webservice on it.
> So, when invoke the webservice, a certification is needed.
> In server 2 , I want a servlet to invoke the webservice in server 1.
> could server 2 automatically provide its certification to tomcat 1 when
> invoke webservice?
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>