BaseCertLoginModule working, but browser has a 403 in Tomcat
rollin368 Oct 20, 2005 6:28 PM

I am trying to get client certificate access going for evaluation. When I trace the system it looks like the following DO happen.
1) My browser certificate is matched with my server's store (am using one keystore right now).
2) Roles are being assigned from what I can see.
Despite all of this I get an "HTTP STATUS 403 - Access to the requested resource has been denied". I have been using Chapter 8 of the documentation as reference.
* On another note, I was curious if anyone has used LDAP to store their certificates as well.
Some of my log file is the following, thank you!
=========================
2005-10-20 18:22:41,316 TRACE [org.jboss.security.auth.spi.BaseCertLoginModule]
enter: validateCredentail(String, X509Certificate)
2005-10-20 18:22:41,316 TRACE [org.jboss.security.auth.spi.BaseCertLoginModule]
Supplied Credential: 5b7369c45719e1e2d94607755d29a8ea
CN=rollin, OU=Terms of use at www.verisign.com/cps/testca (c)05,
OU=TFCCS, O=TSG, L=Boston, ST=Massachusetts, C=US
Existing Credential: 5b7369c45719e1e2d94607755d29a8ea
CN=rollin, OU=Terms of use at www.verisign.com/cps/testca (c)05,
OU=TFCCS, O=TSG, L=Boston, ST=Massachusetts, C=US
2005-10-20 18:22:41,316 TRACE [org.jboss.security.auth.spi.BaseCertLoginModule]
The supplied certificate matched the certificate in the keystore.
2005-10-20 18:22:41,316 TRACE [org.jboss.security.auth.spi.BaseCertLoginModule]
exit: validateCredentail(String, X509Certificate)
2005-10-20 18:22:41,316 TRACE [org.jboss.security.auth.spi.BaseCertLoginModule]
User 'CN=rollin, OU=Terms of use at www.verisign.com/cps/testca (c)05, OU=TFCCS,
O=TSG, L=Boston, ST=Massachusetts, C=US' authenticated, loginOk=true
2005-10-20 18:22:41,316 DEBUG [org.jboss.security.auth.spi.BaseCertLoginModule]
exit: login()
2005-10-20 18:22:41,326 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule
] initialize, instance=@5487610
.
.
.
2005-10-20 18:22:41,336 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule
] commit, loginOk=true
2005-10-20 18:22:41,346 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRea
lm] User: CN=rollin, OU=Terms of use at www.verisign.com/cps/testca (c)05, OU=TF
CCS, O=TSG, L=Boston, ST=Massachusetts, C=US is authenticated
2005-10-20 18:22:41,346 TRACE [org.jboss.security.SecurityAssociation] pushSubje
ctContext, subject=Subject:
Principal: CN=rollin, OU=Terms of use at www.verisign.com/cps/testca (c)
05, OU=TFCCS, O=TSG, L=Boston, ST=Massachusetts, C=US
Principal: Roles(members)
Principal: verisign.com/cps/testca (c)05, OU=TFCCS, O=TSG, L=Boston, ST=
Massachusetts, C=US(members:JBossAdmin,HttpInvoker)
Public Credential: [
[
Version: V3
Subject: CN=rollin, OU=Terms of use at www.verisign.com/cps/testca (c)05, OU=T
FCCS, O=TSG, L=Boston, ST=Massachusetts, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
===========================================
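Added example, not part of the original post and not JBoss code: in the subject dump above, `Roles(members)` is empty while `JBossAdmin,HttpInvoker` sit in a group named after the part of the DN that follows `www.`. The sketch below reproduces that outcome under the assumption that a `roles.properties` key of the documented form `user.RoleGroup=role1,role2` is split at its first `.`; the function names and the sample properties entry are constructed for illustration.

```python
# Model of how a "user.RoleGroup=role1,role2" key in roles.properties is
# split (assumption: at the first '.' in the key, consistent with the trace).
ROLES_GROUP = "Roles"  # JBossSX group whose members are the authorization roles

def assign_role_groups(target_user, roles_props):
    """Return {group name: set of roles} for target_user."""
    groups = {ROLES_GROUP: set()}
    for key, value in roles_props.items():
        roles = {r.strip() for r in value.split(",") if r.strip()}
        dot = key.find(".")
        if dot > 0 and target_user[:dot] == key[:dot]:
            # Everything after the first '.' is taken as the group name.
            groups.setdefault(key[dot + 1:], set()).update(roles)
        elif key == target_user:
            groups[ROLES_GROUP].update(roles)
    return groups

def diagnose(target_user, roles_props):
    """Return a finding string, or None when the Roles group is populated."""
    groups = assign_role_groups(target_user, roles_props)
    if groups[ROLES_GROUP]:
        return None
    stray = sorted(g for g, r in groups.items() if g != ROLES_GROUP and r)
    if stray:
        return "Roles group empty; roles landed in group(s): " + "; ".join(stray)
    return "Roles group empty; no roles.properties key matched the user"

# Constructed input: the subject DN from the trace used as the properties key.
DN = ("CN=rollin, OU=Terms of use at www.verisign.com/cps/testca (c)05, "
      "OU=TFCCS, O=TSG, L=Boston, ST=Massachusetts, C=US")
SAMPLE_PROPS = {DN: "JBossAdmin,HttpInvoker"}

if __name__ == "__main__":
    for name, roles in assign_role_groups(DN, SAMPLE_PROPS).items():
        print(f"{name}(members:{','.join(sorted(roles))})")
    print(diagnose(DN, SAMPLE_PROPS))
```

An authenticated subject whose `Roles` group is empty cannot satisfy a role constraint in `web.xml`, so the symptom to look for is the combination in the trace: `loginOk=true` followed by a 403.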