Hi all,

Here's what I'm using:

OS: Win 2000
Tomcat version: 4
Client Browser: IE 5+

I am trying to protect a jsp/servlet resource in my website. I want to give access to the resource if the right certificate is provided by the user. Making an ssl connection with client authentication is not a problem. This is the part of my server.xml that allows ssl with client authentication:

---- snip begin [server.xml] -----
<Connector className="org.apache.catalina.connector.http.HttpConnector"
           port="8443" minProcessors="5" maxProcessors="75"
           enableLookups="true" acceptCount="10" debug="0"
           scheme="https" secure="true">
  <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
           clientAuth="true" protocol="TLS"/>
</Connector>
---- snip end [server.xml] -----

So whenever I go to my webserver (https://localhost:8443) IE pops up a list of certificates that I can send back to the server. I select one of the many certificates that my website has given me and send it back to the server.

_Here's my problem_: At the server I want to check the Common Name in the certificate sent by the client. I figured that I would be able to do so by getting the Principal via "request.getUserPrincipal()" and digging into it. But it returns null. Then I realized that I must make some additions/changes in the tomcat-users.xml and web.xml. But I am not really clear as to what these additions/changes are and I have not found any good resource on the web explaining the same.

Here's what parts of my xml files look like:

---- snip begin [web.xml] -----
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Entire Application</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>tomcat</role-name>
  </auth-constraint>
</security-constraint>

<!-- Define the Login Configuration for this Application -->
<login-config>
  <auth-method>CLIENT-CERT</auth-method>
  <realm-name>Tomcat Manager Application</realm-name>
</login-config>
---- snip end [web.xml] -----

---- snip begin [tomcat-users.xml] -----
<tomcat-users>
  <user name="tomcat" password="tomcat" roles="tomcat" />
  <user name="role1" password="tomcat" roles="role1" />
  <user name="both" password="tomcat" roles="tomcat,role1" />
  <!-- Common name in the client's certificate is 3763 -->
  <user name="3763" password="tomcat" roles="tomcat" />
</tomcat-users>
---- snip end [tomcat-users.xml] -----

The Common Name in the certificate is 3763 (the certificate I want to grant access to). However I have no idea where the password comes into the picture. I am sure things are incorrect or missing, I'd really appreciate it if anyone can help me.

Thanks
-Chaitresh
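
The Common Name check described in the post, as an added example that is not part of the original message and not Tomcat's own code: it reads the client chain from the Servlet-specification request attribute `javax.servlet.request.X509Certificate` and parses the subject as an RFC 2253 name. The class name `ClientCertCommonName` and the sample subjects are made up for illustration, and `javax.naming.ldap.LdapName` assumes Java 5 or later.

```java
import java.security.cert.X509Certificate;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

public class ClientCertCommonName {
    // Servlet-spec request attribute that carries the client certificate chain.
    static final String CERT_ATTR = "javax.servlet.request.X509Certificate";

    // Pass in request.getAttribute(CERT_ATTR). Returns null when no client
    // certificate reached the application or the CN is missing or ambiguous.
    static String commonNameFromAttribute(Object attr) throws NamingException {
        if (!(attr instanceof X509Certificate[])) return null;
        X509Certificate[] chain = (X509Certificate[]) attr;
        // chain[0] is the client's own certificate; later entries are issuers.
        return chain.length == 0 ? null : commonName(chain[0].getSubjectX500Principal());
    }

    // Parse the subject as an RFC 2253 name rather than splitting on commas,
    // so "CN=" text embedded in another attribute's value is never matched.
    static String commonName(X500Principal subject) throws NamingException {
        String found = null;
        for (Rdn rdn : new LdapName(subject.getName(X500Principal.RFC2253)).getRdns()) {
            Attribute cn = rdn.toAttributes().get("CN");
            if (cn == null) continue;
            // Fail closed on several CN values or a non-string (hex-encoded) value.
            if (found != null || cn.size() != 1 || !(cn.get() instanceof String)) return null;
            found = (String) cn.get();
        }
        return found;
    }

    public static void main(String[] args) throws NamingException {
        // Constructed subjects; 3763 is the CN from the post, the rest is made up.
        String[] samples = {
            "CN=3763, OU=Users, O=Example",
            "CN=3763, O=Example\\, CN\\=admin",   // escaped comma inside O
            "CN=3763, CN=admin, O=Example"        // two CNs: rejected
        };
        for (String s : samples)
            System.out.println(s + " -> " + commonName(new X500Principal(s)));
        // No certificate attribute on the request:
        System.out.println("no attribute -> " + commonNameFromAttribute(null));
    }
}
```

A CN match identifies a user only when the connector's truststore accepts just the CA that issues these certificates, since any trusted CA could otherwise issue a certificate carrying the same CN.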