...

Note: Tested with Tomcat 5.5.17, 5.5.20 and 5.5.25

See also:

SSL Client Authentication (sometimes also known as "Client Certificate" authentication) uses the SSL protocol to authenticate clients based on an X.509 certificate. Normally this is accomplished by configuring SSL in Tomcat, and then configuring the web application's security descriptor to use "CLIENT-CERT" as the auth-method in the login-config section.

...

In trying to implement this, we found the only "standard conformant" solution was to install the web application multiple times with different authentication configurations. This solution was very unsatisfactory for us, as it leads to a duplication of services, and the services are accessible under different URLs/ports depending on the desired security level. That just wasn't what we wanted.

...

  • Tomcat Installation
  • Your Webapplication
  • The Java class SSLWithFormFallbackAuthenticator (download from here)
  • Server Certificate & Private Key
  • Client Certificate & Private Key
  • Certification Authority Public Certificates
  • Working authentication realm

...

Now change your auth-method from "FORM" to "CLIENT-CERT" and restart/redeploy your web app. If you access your protected page you should now be prompted for a certificate by your browser. Select the installed certificate. If everything was configured correctly you should be authenticated based on your certificate and taken to the protected page.
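For reference, the standard Tomcat 5.5 configuration that the step above assumes: an HTTPS connector that asks for (but does not insist on) a client certificate, and a web.xml that protects the page with CLIENT-CERT over a confidential transport. This is an added example, not the author's code or the downloadable class; the keystore paths, passwords, role name and URL pattern are assumed placeholders.

```xml
<!-- conf/server.xml: HTTPS connector (Tomcat 5.5 JSSE attributes).
     clientAuth="want" requests a certificate but lets the handshake
     complete without one; with clientAuth="true" the connection is
     refused outright, so a later form-based fallback could never run.
     The truststore holds the CA certificates that client certs must
     chain to. Paths and passwords below are assumed placeholders. -->
<Connector port="8443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           sslProtocol="TLS"
           keystoreFile="conf/server.jks"    keystorePass="changeit"
           truststoreFile="conf/ca-certs.jks" truststorePass="changeit"
           clientAuth="want" />

<!-- WEB-INF/web.xml: protect the page and select CLIENT-CERT.
     CONFIDENTIAL forces the request onto the HTTPS connector above;
     without it a plain HTTP request has no certificate to evaluate. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Protected area</web-resource-name>
    <url-pattern>/protected/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>user</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <auth-method>CLIENT-CERT</auth-method>
  <realm-name>Example Realm</realm-name>
</login-config>

<!-- conf/tomcat-users.xml (default UserDatabaseRealm): with CLIENT-CERT
     the realm looks the user up by the certificate's full subject DN,
     so the username must match it exactly; the password is not used. -->
<user username="CN=Alice Example,OU=Staff,O=Example,C=AT"
      password="" roles="user" />
```

A certificate whose chain does not end in the truststore is rejected during the handshake and never reaches the realm, so check the connector's truststore first when a valid-looking certificate is silently refused.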

...

The code is tested with Tomcat 5.5.17, 5.5.20 and 5.5.25. It will probably work with only minor modifications for other Tomcat 5.5 versions. It has been tested using Java 1.5.

...

Should you have questions about the code, please feel free to contact me (the Author) at: runger -AT- aon.at

...

CategoryFAQ