Re: Authenticate with X509 certification

2008-06-09 Thread Andreas Huelsing
Hi Luis, sorry, at this point I can't help you. Never done sth. similar. andreas Luis Pascual Forner schrieb: Hi, Andreas I think that I did'nt explained correctly. What I would is to have some pages that requires authentication, and others not (as in Apache server, where is possible to set S

Re: Authenticate with X509 certification

2008-06-09 Thread Luis Pascual Forner
Hi, Andreas I think that I did'nt explained correctly. What I would is to have some pages that requires authentication, and others not (as in Apache server, where is possible to set SSLVerifyClient at directory level). Because the "clientAuth" attribute is at the "Connector" level, I do'nt want t

Re: Authenticate with X509 certification

2008-06-09 Thread Andreas Huelsing
Ok, you know, that you have to use ssl/tsl or some challenge-response protocol to ensure that the owner of the certificate also owns the corresponding private key? So the best way might be to use ssl with client auth and an all trusting trustmanager which accepts every certificate but checks

Re: Authenticate with X509 certification

2008-06-08 Thread Luis Pascual Forner
No, because I want that the certificate was required ONLY when I acces to some pages. In fact, this is how now works, but sometimes the method getAttribute("javax.servlet.request.X509Certificate") returns null. Finally, I store the certificate in the session, and get it from there when I need it.

Re: Authenticate with X509 certification

2008-06-05 Thread ahuelsing
Hi, you have to set clientAuth="true" andreas Luis Pascual Forner schrieb: Thanks, Bill, I use the JIO connector. That's my server.xml: className="org.apache.catalina.mbeans.ServerLifecycleListener" /> className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" /> cla

Re: Authenticate with X509 certification

2008-06-05 Thread Luis Pascual Forner
More information: If I use Internet Explorer, in the log appears: java.net.SocketException: Socket Closed at java.net.PlainSocketImpl.setOption(PlainSocketImpl.java:201) at java.net.Socket.setSoTimeout(Socket.java:997) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.setSoT

Re: Authenticate with X509 certification

2008-06-05 Thread Luis Pascual Forner
Thanks, Bill, I use the JIO connector. That's my server.xml: className="org.apache.catalina.mbeans.ServerLifecycleListener" /> className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" /> className="org.apache.catalina.storeconfig.StoreConfigLifecycleListener"/>

Re: Authenticate with X509 certification

2008-06-04 Thread Bill Barker
"Luis Pascual Forner" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Hi, > > I need autheticate ONLY with client certificate (i.e., I don't want > to check any user's database) . I did that follow: > > 1. I write a "X509Realm", with a method "authenticate" that > only chec