2014-05-04 3:31 GMT+04:00 Dhayanidhi sundaramoorthi <dhayamoorthi2...@gmail.com>:
> Hi,
>
> In Tomcat7, we are trying to do client certificate authentication using
> datasource realm. But it fails.
>
> Please find the configuration below:
>
> server.xml:
> ----------------
> <?xml version="1.0" encoding="UTF-8" standalone="no" ?>
> <Server port="8005" shutdown="SHUTDOWN">
>   <Listener SSLEngine="on" className="org.apache.catalina.core.AprLifecycleListener"/>
>   <Listener className="org.apache.catalina.core.JasperListener"/>
>   <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/>
>   <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
>   <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/>
>   <!-- <GlobalNamingResources>
>          <Resource auth="Container" description="User database that can be updated and saved"
>                    factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
>                    name="UserDatabase" pathname="conf/tomcat-users.xml"
>                    type="org.apache.catalina.UserDatabase"/>
>        </GlobalNamingResources> -->
>   <Service name="Catalina">
>     <Connector SSLEnabled="true" clientAuth="true" connectionTimeout="10000"
>                keyAlias="masfed_server_dit"
>                keystoreFile="/opt/ADP/keystores/masfed_server_dit.jks" keystorePass="sso@di"

It is a public list, do you know? You may want to change your passwords.

>                maxThreads="150" port="8443"
>                protocol="org.apache.coyote.http11.Http11Protocol" scheme="https"
>                secure="true" server="Server" sslProtocol="TLS"
>                truststorefile="/opt/ADP/keystores/masfed_server_dit.jks"
>                truststorepass="sso@di" enablelookups="false"/>
>     <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
>     <Engine defaultHost="localhost" name="Catalina">
>       <GlobalNamingResources>
>         <Realm className="org.apache.catalina.realm.DataSourceRealm"
>                dataSourceName="jdbc/FederationDS"
>                userTable="T_USER" userNameCol="USERNAME" userCredCol="PASSWORD"
>                userRoleTable="T_USER_ROLES" roleNameCol="ROLENAME" debug="99"
>                allRolesMode="authOnly" />

This is a wrong place for a <Realm> element. Here it will be silently ignored.

When parsing server.xml only known and expected XML elements are recognized. All others are silently ignored.

I do not see a DataSource configuration anywhere.

>       </GlobalNamingResources>
>
>       <Host appBase="webapps" autoDeploy="true" name="localhost" unpackWARs="true">
>         <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
>                pattern="%h %l %u %t "%r" %s %b" prefix="localhost_access_log."
>                suffix=".txt"/>
>       </Host>
>     </Engine>
>   </Service>
> </Server>
>
>
> security role configuration <tomcat_base>/conf/web.xml:
> ---------------------------------------------------------------------------------

The conf/web.xml file is a wrong place for your configuration. It should be in your webapp's own WEB-INF/web.xml file, not in the global one.

>
> <security-role>
>   <role-name>masFedClient</role-name>
> </security-role>
> <security-constraint>
>   <web-resource-collection>
>     <web-resource-name>all</web-resource-name>
>     <url-pattern>/*</url-pattern>
>   </web-resource-collection>
>   <auth-constraint>
>     <role-name>masFedClient</role-name>
>   </auth-constraint>
>   <user-data-constraint>
>     <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>   </user-data-constraint>
> </security-constraint>
> <login-config>
>   <auth-method>CLIENT-CERT</auth-method>
>   <!-- <realm-name>tomcat-users</realm-name> -->
>   <realm-name>jdbc/FederationDS</realm-name>

The realm-name is the message shown to users when using DIGEST or BASIC authentication. It has no relation to Tomcat's realms.

> </login-config>
>
> Database has all the required tables and columns.
> (...)

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
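Putting the three points of the reply together (the DataSource must be defined, the Realm must sit under Engine, Host or Context rather than inside GlobalNamingResources, and the security constraint belongs in the webapp's own WEB-INF/web.xml), the following is an added illustration of how the two files would look. It is not configuration from the original poster or from the Tomcat project; the JDBC driver class, database URL, DB credentials, keystore paths and alias are placeholder assumptions, and the table and column names are taken from the posted Realm element.

```xml
<!-- server.xml (fragments only; the Listener elements are unchanged).
     Placeholder values are marked CHANGE_ME; driver, URL and paths are assumed. -->
<Server port="8005" shutdown="SHUTDOWN">

  <!-- The JDBC DataSource that DataSourceRealm looks up by JNDI name.
       This element was missing from the posted server.xml. -->
  <GlobalNamingResources>
    <Resource name="jdbc/FederationDS" auth="Container"
              type="javax.sql.DataSource"
              driverClassName="org.postgresql.Driver"
              url="jdbc:postgresql://dbhost:5432/federation"
              username="tomcat" password="CHANGE_ME"
              maxActive="20" maxIdle="5"/>
  </GlobalNamingResources>

  <Service name="Catalina">
    <!-- clientAuth="true" makes the TLS handshake fail without a client
         certificate; the truststore must contain the CA that issued the
         client certificates, which need not be the server keystore. -->
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
               SSLEnabled="true" scheme="https" secure="true"
               sslProtocol="TLS" clientAuth="true"
               keystoreFile="/opt/ADP/keystores/server.jks" keystorePass="CHANGE_ME"
               keyAlias="server"
               truststoreFile="/opt/ADP/keystores/truststore.jks" truststorePass="CHANGE_ME"
               maxThreads="150" connectionTimeout="10000"/>

    <Engine name="Catalina" defaultHost="localhost">
      <!-- A Realm is recognized here (or under Host or Context), not inside
           GlobalNamingResources. With the default localDataSource="false"
           the dataSourceName is resolved from the global JNDI context above. -->
      <Realm className="org.apache.catalina.realm.DataSourceRealm"
             dataSourceName="jdbc/FederationDS"
             userTable="T_USER" userNameCol="USERNAME" userCredCol="PASSWORD"
             userRoleTable="T_USER_ROLES" roleNameCol="ROLENAME"/>

      <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true"/>
    </Engine>
  </Service>
</Server>

<!-- <webapp>/WEB-INF/web.xml, not <tomcat_base>/conf/web.xml.
     realm-name is omitted: it is only a prompt for BASIC/DIGEST and does
     not select a Tomcat Realm. -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>all</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>masFedClient</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config>
    <auth-method>CLIENT-CERT</auth-method>
  </login-config>
  <security-role>
    <role-name>masFedClient</role-name>
  </security-role>
</web-app>
```

With CLIENT-CERT the realm does not check the PASSWORD column; the user name it looks up in T_USER.USERNAME is the string form of the client certificate's subject DN (Tomcat 7's default behaviour, the value of X509Certificate.getSubjectDN().getName()), so that exact string, not a short login name, has to be the row key, and T_USER_ROLES must map it to masFedClient. Passwords and keystore secrets should be rotated before being shared in a configuration like the one posted.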