Thread: Spring Security + X.509 + Tomcat 6 + metro 2.1.1

    Hi,

    I had a chance to revisit the issues with X.509 authentication on Tomcat on Metro 2.1.1 and got it all working. My issue before was that some of the books on security are a bit vague.

    1. I checked out the URL: https://src.springframework.org/svn/...-security/tags

    2. Copied and modified spring-security-3.0.0.RELEASE/samples//tutorial/src/main/webapp/WEB-INF/applicationContext-security.xml as I am using the standard JDBC spring implementation tables:

    Code:
       <jdbc-user-service data-source-ref="JNDIDataSource"/>

    3. Tomcat's server.xml is set up with:

    Code:
     <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
                   keystoreFile="/var/pscs/data/certs/server/<HOSTNAME>.keystore" keystorePass="<PASSWORD>"
                   truststoreFile="/var/pscs/data/certs/server/<HOSTNAME>.truststore" truststorePass="<PASSWORD>"
                   maxThreads="150" scheme="https" secure="true"
                   clientAuth="true" sslProtocol="TLS" />
    Note: clientAuth="true"

    4. Did the normal exchange of certificates between host and client, added client certificates into the server's trust store.

    Note: Subject: CN=pgilliga, OU=operations, L=London, ST=GreaterLondon, O=xxxx.co.uk, C=GB, EMAILADDRESS=support@xxxxx.co.uk

    5. Adding the username pgilliga into the database's users table authenticates:

    Code:
    DEBUG [X509AuthenticationFilter] Authentication success: org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken@2a0f7ec4: Principal: org.springframework.security.core.userdetails.User@7476eb71: Username: pgilliga; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN,ROLE_APPR,ROLE_INT,ROLE_IOP,ROLE_KOP,ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@2cd90: RemoteIpAddress: 84.203.194.60; SessionId: B0E8573D8F4730251C7DDB3F81A678F3; Granted Authorities: ROLE_ADMIN, ROLE_APPR, ROLE_INT, ROLE_IOP, ROLE_KOP, ROLE_USER

    6. Testing

    As it was REST, I tested from a browser on my Mac. Set up my certificate in my Keychain Access and added the cert from the host.

    Then set both to trusted.

    Interestingly, both Chrome and Firefox would not do the CA auth OK, but Safari did.
    Last edited by pauldavidgilligan; Oct 29th, 2011 at 03:59 PM.
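
Steps 4 and 5 work because the CN of the client certificate's subject is used as the username that is looked up in the users table. The following is an added example, not part of the original post and not Spring Security's own code, showing that mapping on the subject quoted above. It assumes the `CN=(.*?),` pattern that the Spring Security 3.0 reference shows for `subject-principal-regex`; the class and method names are hypothetical, and the second subject string is constructed.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class SubjectDnPrincipalDemo {
    // Assumption: pattern shown in the Spring Security 3.0 reference for subject-principal-regex.
    static final Pattern TRAILING_COMMA = Pattern.compile("CN=(.*?),", Pattern.CASE_INSENSITIVE);
    // Variant that also matches when CN is the last attribute in the string.
    static final Pattern COMMA_OR_END = Pattern.compile("CN=(.*?)(?:,|$)", Pattern.CASE_INSENSITIVE);

    /** Returns capture group 1 (the username to look up), or null if the pattern finds no CN. */
    static String byRegex(Pattern pattern, String subjectDn) {
        Matcher m = pattern.matcher(subjectDn);
        return m.find() ? m.group(1) : null;
    }

    /** Parses the DN structurally and returns the value of its CN attribute, or null if absent. */
    static String byDnParser(String subjectDn) throws InvalidNameException {
        for (Rdn rdn : new LdapName(subjectDn).getRdns()) {
            if ("CN".equalsIgnoreCase(rdn.getType())) {
                return String.valueOf(rdn.getValue());
            }
        }
        return null;
    }

    public static void main(String[] args) throws InvalidNameException {
        String[] subjects = {
            // Subject as quoted in the post: CN comes first and is followed by a comma.
            "CN=pgilliga, OU=operations, L=London, ST=GreaterLondon, O=xxxx.co.uk, "
                + "C=GB, EMAILADDRESS=support@xxxxx.co.uk",
            // Constructed: the same kind of subject rendered with CN as the last attribute.
            "C=GB,O=xxxx.co.uk,OU=operations,CN=pgilliga"
        };
        for (String dn : subjects) {
            System.out.println(dn);
            System.out.println("  CN=(.*?),        -> " + byRegex(TRAILING_COMMA, dn));
            System.out.println("  CN=(.*?)(?:,|$)  -> " + byRegex(COMMA_OR_END, dn));
            System.out.println("  LdapName parser  -> " + byDnParser(dn));
        }
    }
}
```

A null result means no username could be derived from the certificate, so the request should be treated as unauthenticated rather than mapped to a default account.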
