Java Mailing List Archive

http://www.junlu.com/

RE: Re: HOW TO turn on client Certificate with pop "choose a digital certificate" window

Zhan, Jimmy

2007-02-19


Hi,
Thanks!
Could you give me some more detailed information, such as a sample config file, code or links?

Jimmy ZHAN

-----Original Message-----
From: news [mailto:news@(protected)
Sent: Friday, February 16, 2007 7:59 PM
To: users@(protected)
Subject: Re: HOW TO turn on client Certificate with pop "choose a
digital certificate" window

I can see two ways to do this:
1) Tomcat-Specific: Use clientAuth="want" on the Connector, and configure the webapp to use BASIC auth in web.xml. You then add a Valve that looks for the cert, and authenticates the user based on the cert if possible.
2) Similar in that you still have clientAuth="want", but you have a Filter in your webapp that looks for the cert, and if it doesn't find it it returns a proper 401 response asking for Basic auth. While this is portable across containers, it has the downside that it doesn't allow you to use container-managed security (e.g. <security-constraint>).

"Zhan, Jimmy" <jzhan@(protected)
news:26D0B22D0A22D445916A05D3E8E6B54E042D3C53@(protected)...
Hi,
I have set up HTTPS for Tomcat without client certificates, and it is running well. Now I want to turn on client certificates.
How can I configure Tomcat to pop up a "Choose a digital certificate" window that lets clients choose a digital certificate and, if that fails, pop up a new window that lets the user enter "User Name" and "Password"?
In the file server.xml, if I change to clientAuth="true", then when the client is not in the "truststoreFile", "The page cannot be displayed" comes out.
If I change to clientAuth="want", then Tomcat ignores the result of checking the client certificate.
Thanks in advance!!
Jimmy ZHAN
Cash America International
---------------------------------------------------------------------
To start a new topic, e-mail: users@(protected)
To unsubscribe, e-mail: users-unsubscribe@(protected)
For additional commands, e-mail: users-help@(protected)
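
Option 2 from the reply above (a Filter that looks for the client certificate and otherwise answers 401 asking for Basic auth), as an added example that is not part of the original thread or of Tomcat's own code. It assumes the Connector is set to clientAuth="want"; the class name, the `authUser` attribute, the realm string and the demo credential are constructed placeholders.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.Base64;
import javax.servlet.*;
import javax.servlet.http.*;

public class CertOrBasicFilter implements Filter {
    // Constructed demo credential ("user:password"); a real deployment
    // would look the user up in its own credential store instead.
    private static final byte[] DEMO = "demo:change-me".getBytes(StandardCharsets.UTF_8);

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;

        // Standard servlet attribute: present only when the TLS handshake
        // delivered a client certificate the connector's truststore accepted.
        X509Certificate[] certs = (X509Certificate[])
                req.getAttribute("javax.servlet.request.X509Certificate");
        if (certs != null && certs.length > 0) {
            // certs[0] is the client's own certificate; expose its subject DN.
            req.setAttribute("authUser", certs[0].getSubjectX500Principal().getName());
            chain.doFilter(req, res);
            return;
        }

        // No certificate: fall back to HTTP Basic credentials.
        String h = req.getHeader("Authorization");
        if (h != null && h.regionMatches(true, 0, "Basic ", 0, 6) && basicOk(h.substring(6).trim())) {
            chain.doFilter(req, res);
            return;
        }
        // Neither present nor valid: ask the browser to prompt for a password.
        res.setHeader("WWW-Authenticate", "Basic realm=\"app\"");
        res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
    }

    private static boolean basicOk(String b64) {
        try { // constant-time comparison of the decoded "user:password" bytes
            return MessageDigest.isEqual(Base64.getDecoder().decode(b64), DEMO);
        } catch (IllegalArgumentException malformedBase64) {
            return false;
        }
    }
}
```

On Tomcat 10 and later the imports are `jakarta.servlet.*` instead of `javax.servlet.*`. As the reply notes, this approach bypasses container-managed security, so every protected URL pattern has to be mapped to the filter.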

