DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=29622>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=29622 HttpServletRequest.getAuthType() always returns null [EMAIL PROTECTED] changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |INVALID ------- Additional Comments From [EMAIL PROTECTED] 2004-06-16 20:16 ------- getAuth() returns CLIENT-CERT for me. org.apache.catalina.authenticator.SSLAuthenticator.authenticate() has this code before it returns: // Authenticate the specified certificate chain principal = context.getRealm().authenticate(certs); if (principal == null) { if (debug >= 1) log(" Realm.authenticate() returned false"); hres.sendError(HttpServletResponse.SC_UNAUTHORIZED, sm.getString("authenticator.unauthorized")); return (false); } // Cache the principal (if requested) and record this authentication register(request, response, principal, Constants.CERT_METHOD, null, null); register() sets the auth method (Constants.CERT_METHOD) on the request. Seems that you're returning before register() is being called, ie, the subject DN in your client's cert fails to be authenticated against the realm. In case you're using the memory realm, did you add a <user> element with a username matching the subject DN of your client cert to your tomcat-users.xml? --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
