Client Authentication with Tomcat [message #674652] |
Fri, 27 May 2011 17:43 |
Mark Leone Messages: 123 Registered: July 2009 |
Senior Member |
|
|
I have a RAP app running in Tomcat 6.x, with an SSL Connector configured to require client authentication (clientAuth="true"). The browser sends a cert to the server, as verified by requiring user confirmation. However when I try to access the User principal from the RAP app, it's null.
Here's the code I'm using, in the init() method of an editor. I also tried it in createPartControl().
RWT.requestThreadExec( new Runnable() {
run() {
Principal user = RWT.getRequest().getUserPrincipal();
...
}
} );
With the above, user is always null. I'm able to access the SSL session ID, however, with RWT.getRequest().getAttribute("javax.servlet.request.ssl_session")
I don't have any security constraints defined in the web app's web.xml, since the ssl connector requires client authentication. Is that required, in order to have a User Principal present on the session?
|
|
|
|
Powered by
FUDForum. Page generated in 0.02692 seconds