"Luis Pascual Forner" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
> Hi,
>
> I need to authenticate ONLY with a client certificate (i.e., I don't want
> to check any user's database). I did the following:
>
> 1. I wrote an "X509Realm", with a method "authenticate" that
>    only checks the validity of each certificate in the
>    certification's chain (it doesn't check if the user exists in
>    any database).
> 2. Declare this new class in
>    "org/apache/catalina/realm/mbeans-descriptors.xml" and
>    "rg/apache/catalina/mbeans/mbeans-descriptors.xml".
> 3. Edit "server.xml" and configure the realm.
> 4. Edit "web.xml" to set the auth-method to "CLIENT-CERT".
> 5. Put "X509Realm.class" and "mbeans-descriptors.xml" in
>    "server/classes", with the correct path.
> 6. Restart Tomcat.
>
> Now, I can authenticate with an X509 certificate, and get the
> client certificate with
> getAttribute("javax.servlet.request.X509Certificate"). But,
> sometimes, this method returns null. Why?
>
Almost certainly means that the client didn't send a cert. But more info on your setup would get a better response. For example, are you using the APR or the JIO Connector?

> regards

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]