Step 4: Enable SSL connections via the web.xml file
The last step is to enable SSL connections on our Tomcat
installation. For this purpose, in the same web.xml file, add
the following (or uncomment it, if already present).
<Connector
    port="8443" maxHttpHeaderSize="8192"
    maxThreads="150"
    minSpareThreads="25" maxSpareThreads="75"
    enableLookups="false"
    disableUploadTimeout="true"
    acceptCount="100"
    scheme="https" secure="true"
    clientAuth="false"
    sslProtocol="TLS" />
This specifies that port 8443 should be opened for receiving
TLS requests (TLS is a modified version of the SSL protocol) using the
https scheme instead of the traditional http.
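An added example, not part of the original article: a Python check that parses a Connector definition like the one above and reports what its attributes imply, including the keystore and password Tomcat falls back to when keystoreFile and keystorePass are omitted. The function name audit_connectors and the wrapping Service element are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed input: the article's Connector wrapped in a minimal Service element.
ARTICLE_CONFIG = """
<Service name="Catalina">
  <Connector port="8443" maxHttpHeaderSize="8192"
             maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
             enableLookups="false" disableUploadTimeout="true"
             acceptCount="100" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS" />
</Service>
"""

def audit_connectors(xml_text):
    """Return (port, finding) tuples for every HTTPS Connector in xml_text."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("scheme", "http") != "https":
            continue  # plain HTTP connector, out of scope here
        port = conn.get("port", "?")
        if conn.get("secure", "false") != "true":
            findings.append((port, "scheme is https but secure is not true"))
        if conn.get("sslProtocol", "TLS").upper().startswith("SSL"):
            findings.append((port, "sslProtocol names an SSL context, not TLS"))
        if conn.get("keystoreFile") is None:
            findings.append((port, "no keystoreFile: Tomcat falls back to "
                                   ".keystore in the home directory of the "
                                   "user running Tomcat"))
        if conn.get("keystorePass") is None:
            findings.append((port, "no keystorePass: default password "
                                   "'changeit' is assumed"))
        if conn.get("clientAuth", "false") == "false":
            findings.append((port, "clientAuth=false: only the server presents "
                                   "a certificate; users are identified by "
                                   "user id and password"))
    return findings

if __name__ == "__main__":
    for port, finding in audit_connectors(ARTICLE_CONFIG):
        print(f"port {port}: {finding}")
```

For the article's connector this reports the implicit keystore location, the implicit keystore password, and the server-only certificate setting.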
Provided we have done everything specified earlier correctly, our job
is done! Now, restart Tomcat, open a browser, and type the appropriate
URL for Test.jsp. This should redirect our request to port 8443, and
show us the following screen.

Click on OK. It should display the following screen.

We can view the certificate details by clicking on the corresponding
button above. This will show us the details of the certificate as we
had provided them earlier. If we click on OK, the following screen appears.

This proves that we are being asked for the user id and password (i.e.
authentication is enabled) and also that SSL is being used (from the
URL mentioned in the above screen).
If we provide the right user id and password (as specified in step 1
earlier), we would be allowed access to Test.jsp. Otherwise, we would
be told that authentication has failed.
That is all it takes to enable secure, SSL-enabled user id and
password based authentication in Tomcat.
---
Atul Kahate writes about Java Security in this monthly column on
IndicThreads.com. Atul is the author of 13 books including
"Cryptography and Network Security". He is currently a Project Manager
at i-flex solutions limited, Pune, India. Atul can be reached at
(akahate at gmail dot com).
---
Comment by GUEST on 2008-05-21 03:08:34
I have Java programs, oath signature also, herongyang crypto programs etc. How can I use this to sign a file, how to prepare a software to sign automatically? Any familiar .com is there? Please help me. My email id is: narendra.bala@gmail.com

Comment by ajith.ngl@gmail.com on 2008-07-18 04:02:21
Hi, I could not create a keystore file. I am getting FileNotFoundException. Any help?

Comment by bhargeshmehta@yahoo.com on 2008-09-19 04:07:05
Too much good article.

Comment by Anonymous on 2008-09-23 03:08:08
Step 2 mentions creating the keystore file. But I could not find out how the keystore is getting linked to the web application. Do we specify the file name in any of the web app property files?

Comment by sandeep on 2008-10-07 00:42:54
Hey, is there another way for authentication in Tomcat, e.g. Apache authentication with an htpassword file?