Sushil,

On 10/29/13, 4:27 AM, Mark Thomas wrote:
> On 29/10/2013 05:57, Sushil Prusty wrote:
>> Hi All,
>>
>> In server.xml I need to setup clientauth value dynamically. Is
>> there any Java Apache API available to set value at runtime or any
>> other alternative option?
>>
>> <Connector clientAuth="false" .......>
>
> The behaviour varies by connector.
>
> The BIO connector uses the value for clientAuth when the server
> socket is created and doesn't update it. It looks like it should be
> possible to update it dynamically but the code doesn't do that.
>
> The NIO connector uses the value for clientAuth at the point where
> the client makes a connection. Therefore dynamic updates to
> clientAuth (e.g. via JMX) should take effect with the next
> attempted connection.
>
> The APR connector uses a different attribute so I guess you aren't
> using it. For completeness, it uses the value when the server
> socket is created and doesn't update it. It might be possible to
> update it dynamically but the code doesn't do that.

Another option is to set clientAuth="want" and then implement the cert-checking yourself.
See a post of mine from the archives that includes the relatively-simple Java code to check the certificate chain (note that it's not using OCSP or anything like that):

http://markmail.org/message/kzxsamuiu6bldjmv

-chris
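
The clientAuth="want" approach from the reply above, sketched as a servlet filter. This is an added example, not the code from the linked archive post or from Tomcat; the class name and the `trustStorePath` init-param are assumptions, and it uses the `javax.servlet` API with a JKS file holding the accepted CA certificates.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.Arrays;
import javax.servlet.*;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical filter: map it only to the URLs that must present a client certificate. */
public class RequireClientCertFilter implements Filter {
    private KeyStore trustedCAs; // CA certificates this application accepts

    @Override
    public void init(FilterConfig cfg) throws ServletException {
        // "trustStorePath" is an assumed init-param name, not a Tomcat setting.
        try (InputStream in = new FileInputStream(cfg.getInitParameter("trustStorePath"))) {
            trustedCAs = KeyStore.getInstance("JKS");
            trustedCAs.load(in, null); // null password: load without the integrity check
        } catch (GeneralSecurityException | IOException e) {
            throw new ServletException("Cannot load client-CA trust store", e);
        }
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Standard servlet attribute; null when the client sent no certificate.
        X509Certificate[] certs =
                (X509Certificate[]) req.getAttribute("javax.servlet.request.X509Certificate");
        if (certs == null || certs.length == 0 || !chainIsTrusted(certs)) {
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN);
            return; // fail closed: no certificate or an untrusted chain
        }
        chain.doFilter(req, res);
    }

    /** PKIX path validation (signatures, validity dates, constraints) against trustedCAs. */
    boolean chainIsTrusted(X509Certificate[] certs) {
        try {
            CertPath path = CertificateFactory.getInstance("X.509")
                    .generateCertPath(Arrays.asList(certs));
            PKIXParameters params = new PKIXParameters(trustedCAs);
            params.setRevocationEnabled(false); // no CRL/OCSP lookup, same caveat as in the mail
            CertPathValidator.getInstance("PKIX").validate(path, params);
            return true;
        } catch (GeneralSecurityException e) {
            return false; // any validation failure is a rejection
        }
    }

    @Override
    public void destroy() { }
}
```

Because revocation checking is disabled here, a revoked but unexpired certificate still passes.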