Grokbase Groups Tomcat users May 2003
FAQ
To keep this brief, here's what's on my brain:

I have the need to use SSL, client certificates (as far as I know this falls
under the term "PKI", please tell me if I'm incorrect) for my client-server
interaction. I plan to use Tomcat for Webapps but also have other software
server systems that the clients will be interacting with (browsers and
non-browsers).

I want to authenticate and authorize users via Tomcat's client-cert
functionality and Realms system, likely writing an auth plug-in for the
other software system to ask Tomcat for these features. Obviously the SSL
encrypt/decrypt will have to be added to this other system and the clients
that connect to it (or a SSH local-proxy setup on both ends), but the
session management, authentication and authorization can be passed off to
Tomcat (assuming I can integrate with them all).

In my searching for info, I found this bug:
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=4352

Hoping that doesn't stop me (or that it is fixed or will be real soon).

Any thoughts/suggestions/references would be greatly appreciated.

Thanks,

Colin Madere

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

Search Discussions

  • Bill Barker at May 21, 2003 at 5:37 am
    Sorry, Bug #4352 is still open. AFAIK, without someone taking charge of it
    (e.g. submitting patches), it won't be fixed in the 4.1.x line. It may or
    may not be addressed in the 5.0.x line (currently: not).

    The good news is that it isn't too hard to write your own custom Realm to
    handle Client-Cert. There was a pretty good example posted on the list a
    couple of weeks back for the JNDIRealm. Look through the archives.

    "Madere, Colin" <colin.madere@ieminc.com> wrote in message
    news:51099AF2A526E94C855B96BEDDDA2409ADD5@dcserver.ieminc.com...
    To keep this brief, here's what's on my brain:

    I have the need to use SSL, client certificates (as far as I know this falls
    under the term "PKI", please tell me if I'm incorrect) for my
    client-server
    interaction. I plan to use Tomcat for Webapps but also have other software
    server systems that the clients will be interacting with (browsers and
    non-browsers).

    I want to authenticate and authorize users via Tomcat's client-cert
    functionality and Realms system, likely writing an auth plug-in for the
    other software system to ask Tomcat for these features. Obviously the SSL
    encrypt/decrypt will have to be added to this other system and the clients
    that connect to it (or a SSH local-proxy setup on both ends), but the
    session management, authentication and authorization can be passed off to
    Tomcat (assuming I can integrate with them all).

    In my searching for info, I found this bug:
    http://nagoya.apache.org/bugzilla/show_bug.cgi?id=4352

    Hoping that doesn't stop me (or that it is fixed or will be real soon).

    Any thoughts/suggestions/references would be greatly appreciated.

    Thanks,

    Colin Madere



    ---------------------------------------------------------------------
    To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
    For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupusers @
categoriestomcat
postedMay 20, '03 at 8:10p
activeMay 21, '03 at 5:37a
posts2
users2
websitetomcat.apache.org
irc#tomcat

2 users in discussion

Madere, Colin: 1 post Bill Barker: 1 post

People

Translate

site design / logo © 2021 Grokbase