Make the following call in your app (before you try to use jsse stuff): Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
Alternatively, you can add the following line to your
Also, once you have all that working, if you use the following
property, all the details of the SSL handshake are printed out in case
you're interested in that kind of detail:
javax.net.debug=all
From Jan
base authentication
--------------------------------------------------------------------------
I am not sure I understand, since I did not have a chance yet to deal
with certificates. I just first created the certificate for heechee,
and then created another certificate for heechee and signed it with
the first one. It is described in my INSTALL notes. (i.e, README file
in to directory of apache install).
The certificates and reside in /usr/local/apache_t3.1b1/conf/ssl*
There are README files in these directories. When you see "openssl" use
"/usr/local/apache_t3.1b1/sources/openssl-0.9.5/apps/openssl"
You need to be root for most of it.
Read comments in /usr/local/apache_t3.1b1/conf/httpd.conf
SSLCertificateFile /usr/local/apache_t3.1b1/conf/ssl.crt/server.crt
SSLCertificateKeyFile /usr/local/apache_t3.1b1/conf/ssl.key/server.key
I only have application/x-x509-ca-cert (crt) which is self signed.
I do not have any CA stuff.
At the same time, for the time being, you probably can just take the
file: /usr/local/apache_t3.1b1/conf/ssl.crt/server.crt
which has the certificate in it, and just read it into the servlet.
I will look for things on the net, I do not know why you need it.
But this I know for sure:
Tomcat DOES NOT KNOW ANYTHING about certificates. It does not even
know if HTTP or HTTPS is used (the only thing it knows is the PORT,
and for the given installation you can guess if this is HTTP/HTTPS by
checking the port number). No info about encryption/authentication
is passed from Apache to Tomcat via Connector. Tomcat by
definition does not know about cyphers, certificates, etc, which
were used for current login. The only thing Tomcat gets is the
user name as getRemoteUser, and the authorization: header if present.
Apache does all authentication and HTTPS, and does not really pass any
info to Tomcat. Therefore servlets have no access to it.
In simple terms, Apache is a FireWall, and if you get through it, Tomcat
does not check if you are authorized. The only thing it gets via connector
protocol is the UserId (REMOTE_USER CGI variable).
----------------------------------------------------------------------------
> 2. Can you install JSSE1.0.1 on heechee? http://java.sun.com/products/jsse/
> (go for US encryption grade)
> This involves unzip and adding 3 jar files to classpath.
Installed... You need to logout as webflow1 and log in again
for the things to be visible.
Alternatively you can do source /home/webflow1/.cshrc
----------------------------------------------------------------------------
you can play with this first with the HTTP port 9080
telnet heechee.osc.edu 9080
GET /SciPortal/IOR HTTP/1.0
HTTP/1.1 401 Authorization Required
Date: Wed, 05 Apr 2000 17:11:33 GMT
Server: Apache/1.3.12 (Unix) mod_ssl/2.6.2 OpenSSL/0.9.5 tomcat/1.0
WWW-Authenticate: Basic realm="For internal users only"
Connection: close
Content-Type: text/html; charset=iso-8859-1
..........
Bitches that password needed
..........
Connection closed by foreign host.
==============
By sending a header line:
WWW-Authenticate: Basic realm="For internal users only"
it requests the authentication. The user's browser now displays
the Login Box for the user, and user enters id/pass, browser then
does request again, but this time with a line in the header like:
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
where the gibberish is a base64 encoded id/password.
Check:
http://sifu.rindu.net/course/one/freesoft/CIE/RFC/1945/67.htm
Problem is that with HTTPS there is SSL stuff around it.
If you know how to do HTTPS URLs you can do it. I hope the stuff is
written by someone else...
I forgot to say that in my Tomcat FAQ
http://www.ccl.net/cca/software/UNIX/apache/tomcatfaq.shtml
I have a snippet in java which you can use to fool Basic Authentication.
Check: Authentication with Tomcat/Jakarta
The problem is that you need to decode the Id:Pass string in the Portal,
and then pass it to the code which get IOR. You are on the server.
When you do my form
http://heechee.osc.edu:9080/SciPortal/TestForm.html,
click submit, and then end up with:
http://heechee.osc.edu:9080/SciPortal/servlet/formInputTest
you will see there:
.......
Name and Value from the request HEADER
........
authorization : Basic amtsOjB1clBTRQ==
From this you can grab id:password
==========================================================================
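The decoding step described above ("From this you can grab id:password"), as an added example that is not part of the original notes or the Tomcat FAQ snippet they mention. The class name BasicAuthHeader and its parse method are hypothetical, and Java 8 or later is assumed for java.util.Base64; in a servlet the input would come from request.getHeader("Authorization").

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

// Added example: BasicAuthHeader is a hypothetical helper, not code from the page.
public class BasicAuthHeader {

    /** Returns {userId, password}, or null if the header is absent or malformed. */
    static String[] parse(String header) {
        if (header == null) return null;
        String[] parts = header.trim().split("\\s+", 2);
        // Scheme names are case-insensitive; anything but Basic is not ours to decode.
        if (parts.length != 2 || !parts[0].equalsIgnoreCase("Basic")) return null;
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(parts[1].trim());
        } catch (IllegalArgumentException e) {
            return null; // payload is not valid base64
        }
        String pair = new String(raw, StandardCharsets.ISO_8859_1);
        // Split on the FIRST colon only: the password may itself contain ':'.
        int colon = pair.indexOf(':');
        if (colon < 0) return null;
        return new String[] { pair.substring(0, colon), pair.substring(colon + 1) };
    }

    public static void main(String[] args) {
        // Sample header value quoted in the text above.
        String[] cred = parse("Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==");
        // Print the password length only, so the secret stays out of logs.
        System.out.println("user=" + cred[0] + " password length=" + cred[1].length());

        // Constructed malformed inputs: each must be rejected without an exception.
        String[] bad = { null, "", "Basic", "Digest abc", "Basic !!!", "Basic bm9jb2xvbg==" };
        for (String b : bad) {
            System.out.println(b + " -> " + (parse(b) == null ? "rejected" : "accepted"));
        }
    }
}
```

Base64 is an encoding, not encryption, so on the plain HTTP port 9080 anyone who can read the request can recover the id and password the same way. Only the HTTPS port protects the header in transit.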