You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by 罗时飞 <lu...@yuchengtech.com> on 2007/09/24 03:26:20 UTC

答复: could two tomcat servers have mutual authentication?

Can you refer the Chinese book named 《Agile Acegi、CAS－Architecting and
Developing Secure Java Systems》 written by me?

Thx.



-----邮件原件-----
发件人: quanxin zhu [mailto:quanxinzhu@gmail.com] 
发送时间: 2007年9月24日 9:16
收件人: users@tomcat.apache.org
主题: could two tomcat servers have mutual authentication?

 I setup a tomcat server 1 using client authentication, and deployed a
webservice on it.
So, when invoke the webservice, a certification is needed.
In server 2 , I want a servlet to invoke the webservice in server 1.
could server 2 automatically provide its certification to tomcat 1 when
invoke webservice?

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: ??: could two tomcat servers have mutual authentication?

Posted by Mark Thomas <ma...@apache.org>.

quanxin zhu wrote:
> Could you explain it in detail?

You have written the code to call a web service. You need to write
additional code to pass a certificate.

> where could I find the instruction to modify the code to implement this
> function?

Goggle woudl be a good place to start.

> I have another questions, when navigate a servlet using browser, the tomcat
> server could trasfer the certification to browser automatically,
> why cannot it transfer the certification to other tomcat servers for
> authentication?

Because in Tomcat to browser communciation Tomcat is acting as the
server and Tomcat includes code to pass the certificate to the client in
this case.

When you write a servlet that calls a web service, your servlet is
acting as a client and you have to hand code the SSL aspects in the same
way as every other aspect of the web service client.

Mark

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

答复: ??: could two tomcat servers have mutual authentication?

Posted by 罗时飞 <lu...@yuchengtech.com>.

Yes, you are right, this is what my book used. :-)

-----邮件原件-----
发件人: quanxin zhu [mailto:quanxinzhu@gmail.com] 
发送时间: 2007年9月25日 22:58
收件人: Tomcat Users List
主题: Re: ??: could two tomcat servers have mutual authentication?

Let me post the solution:

It is very easy to transfer client certificate to servers that required
client authentication using certificate,

just add the following two statements in my webservice client:

System.setProperty("javax.net.ssl.keyStore",keystore);
System.setProperty("javax.net.ssl.keyStorePassword",password);


2007/9/24, quanxin zhu <qu...@gmail.com>:
>
> ok, I know.
> Thx a lot!
>
>
> 2007/9/24, Mark Thomas <ma...@apache.org>:
> >
> > quanxin zhu wrote:
> > > Could you explain it in detail?
> >
> > You have written the code to call a web service. You need to write
> > additional code to pass a certificate.
> >
> > > where could I find the instruction to modify the code to implement
> > this
> > > function?
> >
> > Goggle woudl be a good place to start.
> >
> > > I have another questions, when navigate a servlet using browser, the
> > tomcat
> > > server could trasfer the certification to browser automatically,
> > > why cannot it transfer the certification to other tomcat servers for
> > > authentication?
> >
> > Because in Tomcat to browser communciation Tomcat is acting as the
> > server and Tomcat includes code to pass the certificate to the client in
> > this case.
> >
> > When you write a servlet that calls a web service, your servlet is
> > acting as a client and you have to hand code the SSL aspects in the same
> >
> > way as every other aspect of the web service client.
> >
> > Mark
> >
> >
> > ---------------------------------------------------------------------
> > To start a new topic, e-mail: users@tomcat.apache.org
> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail: users-help@tomcat.apache.org
> >
> >
>

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: ??: could two tomcat servers have mutual authentication?

Posted by quanxin zhu <qu...@gmail.com>.

Let me post the solution:

It is very easy to transfer client certificate to servers that required
client authentication using certificate,

just add the following two statements in my webservice client:

System.setProperty("javax.net.ssl.keyStore",keystore);
System.setProperty("javax.net.ssl.keyStorePassword",password);


2007/9/24, quanxin zhu <qu...@gmail.com>:
>
> ok, I know.
> Thx a lot!
>
>
> 2007/9/24, Mark Thomas <ma...@apache.org>:
> >
> > quanxin zhu wrote:
> > > Could you explain it in detail?
> >
> > You have written the code to call a web service. You need to write
> > additional code to pass a certificate.
> >
> > > where could I find the instruction to modify the code to implement
> > this
> > > function?
> >
> > Goggle woudl be a good place to start.
> >
> > > I have another questions, when navigate a servlet using browser, the
> > tomcat
> > > server could trasfer the certification to browser automatically,
> > > why cannot it transfer the certification to other tomcat servers for
> > > authentication?
> >
> > Because in Tomcat to browser communciation Tomcat is acting as the
> > server and Tomcat includes code to pass the certificate to the client in
> > this case.
> >
> > When you write a servlet that calls a web service, your servlet is
> > acting as a client and you have to hand code the SSL aspects in the same
> >
> > way as every other aspect of the web service client.
> >
> > Mark
> >
> >
> > ---------------------------------------------------------------------
> > To start a new topic, e-mail: users@tomcat.apache.org
> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail: users-help@tomcat.apache.org
> >
> >
>

Re: ??: could two tomcat servers have mutual authentication?

Posted by quanxin zhu <qu...@gmail.com>.

ok, I know.
Thx a lot!


2007/9/24, Mark Thomas <ma...@apache.org>:
>
> quanxin zhu wrote:
> > Could you explain it in detail?
>
> You have written the code to call a web service. You need to write
> additional code to pass a certificate.
>
> > where could I find the instruction to modify the code to implement this
> > function?
>
> Goggle woudl be a good place to start.
>
> > I have another questions, when navigate a servlet using browser, the
> tomcat
> > server could trasfer the certification to browser automatically,
> > why cannot it transfer the certification to other tomcat servers for
> > authentication?
>
> Because in Tomcat to browser communciation Tomcat is acting as the
> server and Tomcat includes code to pass the certificate to the client in
> this case.
>
> When you write a servlet that calls a web service, your servlet is
> acting as a client and you have to hand code the SSL aspects in the same
> way as every other aspect of the web service client.
>
> Mark
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Re: ??: could two tomcat servers have mutual authentication?

Posted by Mark Thomas <ma...@apache.org>.

quanxin zhu wrote:
> Could you explain it in detail?

You have written the code to call a web service. You need to write
additional code to pass a certificate.

> where could I find the instruction to modify the code to implement this
> function?

Goggle woudl be a good place to start.

> I have another questions, when navigate a servlet using browser, the tomcat
> server could trasfer the certification to browser automatically,
> why cannot it transfer the certification to other tomcat servers for
> authentication?

Because in Tomcat to browser communciation Tomcat is acting as the
server and Tomcat includes code to pass the certificate to the client in
this case.

When you write a servlet that calls a web service, your servlet is
acting as a client and you have to hand code the SSL aspects in the same
way as every other aspect of the web service client.

Mark

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: 答复: could two tomcat servers have mutual authentication?

Posted by quanxin zhu <qu...@gmail.com>.

Thanks for your reply

Could you explain it in detail?

where could I find the instruction to modify the code to implement this
function?

Any suggestion?

I have another questions, when navigate a servlet using browser, the tomcat
server could trasfer the certification to browser automatically,
why cannot it transfer the certification to other tomcat servers for
authentication?

zhu quan xin

2007/9/24, Mark Thomas <ma...@apache.org>:
>
> quanxin zhu wrote:
> > I am using certification for client authentication, so yale CAS is not
> what
> > I want.
> >
> > My point is that, does tomcat provide the function, that
> > when invoke other tomcat's webservice, it could provide its
> certification to
> > other tomcat servers?
>
> There is no functionality to do this automatically. You would have to
> hand code this.
>
> Mark
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Re: 答复: could two tomcat servers have mutual authentication?

Posted by Mark Thomas <ma...@apache.org>.

quanxin zhu wrote:
> I am using certification for client authentication, so yale CAS is not what
> I want.
> 
> My point is that, does tomcat provide the function, that
> when invoke other tomcat's webservice, it could provide its certification to
> other tomcat servers?

There is no functionality to do this automatically. You would have to
hand code this.

Mark


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: 答复: could two tomcat servers have mutual authentication?

Posted by quanxin zhu <qu...@gmail.com>.

I am using certification for client authentication, so yale CAS is not what
I want.

My point is that, does tomcat provide the function, that
when invoke other tomcat's webservice, it could provide its certification to
other tomcat servers?



在07-9-24，罗时飞 <lu...@yuchengtech.com> 写道：
>
> Can you refer the Chinese book named 《Agile Acegi、CAS－Architecting and
> Developing Secure Java Systems》 written by me?
>
> Thx.
>
>
>
> -----邮件原件-----
> 发件人: quanxin zhu [mailto:quanxinzhu@gmail.com]
> 发送时间: 2007年9月24日 9:16
> 收件人: users@tomcat.apache.org
> 主题: could two tomcat servers have mutual authentication?
>
> I setup a tomcat server 1 using client authentication, and deployed a
> webservice on it.
> So, when invoke the webservice, a certification is needed.
> In server 2 , I want a servlet to invoke the webservice in server 1.
> could server 2 automatically provide its certification to tomcat 1 when
> invoke webservice?
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>