Ok, when I set clientAuth to "want" the "Exception getting SSL Cert" goes away. (Wtf is this documented?). But I still get the 403 - Access denied error.
Here is how I added the user's certificate to my realm:

web.xml:

<security-constraint>
  <web-resource-collection>
    <url-pattern>/html/*</url-pattern>
    <http-method>POST</http-method>
    <http-method>GET</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>myrole</role-name>
  </auth-constraint>
  <user-data-constraint/>
</security-constraint>
<login-config>
  <auth-method>CLIENT-CERT</auth-method>
</login-config>
<security-role>
  <role-name>myrole</role-name>
</security-role>

tomcat-users.xml:

<tomcat-users>
  <role rolename="myrole"/>
  <user username="EMAILADDRESS=mark... , CN=markus...., OU=..., O=... , L=...., ST=... C=..." password="" roles="myrole"/>
</tomcat-users>

As username I used exactly the cert.getSubjectDN().getName() String from the client certificate. Is this ok?