This is not correct. Tomcat does support CLIENT-CERT authentication 'out-of-the-box'. When combined with appropriate authorisation constraints in web.xml you can limit access to specific URLs.
I have this working quite happily. Mark > -----Original Message----- > From: Rommel Sharma [mailto:[EMAIL PROTECTED] > Sent: Monday, February 23, 2004 11:28 AM > To: Tomcat Users List > Subject: Re: tomcat certificate > > Tomcat as such on its own does not parse and validate a certificate. > I don't think its possible. You can identify a client through the > certificate alias the client uses. > Access to specific URLs depends on the server certificate > where you specify > the URL and send the client your public key. > I think there is no automatic mechanism in Tomcat that studies the > certificate and allows access to specific URLs. This needs to > be implemented > by any our deployed programs. > > ----- Original Message ----- > From: "secam secam" <[EMAIL PROTECTED]> > To: "Tomcat Users List" <[EMAIL PROTECTED]> > Sent: Monday, February 23, 2004 4:17 PM > Subject: Re: tomcat certificate > > > Thanks, > > > > Here is my real problem, > > > > I've got an external server that authentificate user and deliver a > certicate with the trio User/Group/Role. > > > > In fact, i just want that the certificate give information > of the user to > tomcat in order to permit the access to some specifics url. > > > > Is it possible? > > > > Regard's > > > > Secam > > > > Rommel Sharma <[EMAIL PROTECTED]> wrote: > > If you mean two way authentication using SSL, then you have > to write the > > code that reads clients certificate and matches it with one > present in > > client keystore on the server. You enable client authentication in > > server.xml for this and specify the serverkeystore and > password in it. > > Regards, > > Rommel Sharma. > > > > ----- Original Message ----- > > From: "secam secam" > > To: > > Sent: Monday, February 23, 2004 3:30 PM > > Subject: tomcat certificate > > > > > hello, > > > > > > I'm a new user of tomcat. > > > Can tomcat authenticate a user with a certifcate ? > > > > > > Thanks, > > > Secam > > > > > > > > > --------------------------------- > > > Yahoo! Mail : votre e-mail personnel et gratuit qui vous > suit partout ! > > > Cr�ez votre Yahoo! Mail > > > > ********************************************************* > > Disclaimer > > > > This message (including any attachments) contains > > confidential information intended for a specific > > individual and purpose, and is protected by law. > > If you are not the intended recipient, you should > > delete this message and are hereby notified that > > any disclosure, copying, or distribution of this > > message, or the taking of any action based on it, > > is strictly prohibited. > > > > ********************************************************* > > Visit us at http://www.mahindrabt.com > > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------- > > Yahoo! Mail : votre e-mail personnel et gratuit qui vous > suit partout ! > > Cr�ez votre Yahoo! Mail > > ********************************************************* > Disclaimer > > This message (including any attachments) contains > confidential information intended for a specific > individual and purpose, and is protected by law. > If you are not the intended recipient, you should > delete this message and are hereby notified that > any disclosure, copying, or distribution of this > message, or the taking of any action based on it, > is strictly prohibited. > > ********************************************************* > Visit us at http://www.mahindrabt.com > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
