You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2003/05/12 22:31:10 UTC

DO NOT REPLY [Bug 19867] New: - Declarative SSL Client Authentication don't work

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19867>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19867

Declarative SSL Client Authentication don't work

           Summary: Declarative SSL Client Authentication don't work
           Product: Tomcat 4
           Version: 4.1.24
          Platform: PC
        OS/Version: Windows NT/2K
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: Connector:Coyote HTTP/1.1
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: desked@yahoo.de


I've configured tomcat in my web.xml to use SSL Client Authentication.

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Administration</web-resource-name>
      <url-pattern>/x.jsp</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>CLIENT-CERT</auth-method>
    <realm-name>Administration Area</realm-name>
  </login-config>

  <security-role>
    <role-name>admin</role-name>
  </security-role>

When i try to access the page x.jsp, the server do not asks the client for an 
Client-Certificate. The debug messages in my webapp log file are:

2003-05-12 21:59:53 Authenticator[]: Security checking request GET /x.jsp
2003-05-12 21:59:53 Authenticator[]:   Checking constraint 'SecurityConstraint
[Administration]' against GET /x.jsp --> true
2003-05-12 21:59:53 Authenticator[]:  Subject to constraint SecurityConstraint
[Administration]
2003-05-12 21:59:53 Authenticator[]:  Calling checkUserData()
2003-05-12 21:59:53 Authenticator[]:   User data constraint has no restrictions
2003-05-12 21:59:53 Authenticator[]:  Calling authenticate()
2003-05-12 21:59:53 Authenticator[]:  Looking up certificates
2003-05-12 21:59:53 Authenticator[]:   No certificates included with this 
request
2003-05-12 21:59:53 Authenticator[]:  Failed authenticate() test

Debugging the source code of the SSL Authentication Module and the 
CertificatesValve.class i noticed, that the "Request" Object in the "verifiy" 
Method doesn't have an Socket-Object set. So there is no SSL Socket and the 
CertificateValve could not ask the Client-Browser to send the certificates.

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org