| Author |
Tomcat URL signing
|
Paal Olsen
Greenhorn
Joined: Jan 21, 2011
Posts: 2
|
|
Hi
First of all, I have to say that he question here is based on a migration project I have at work from Orion- to the Tomcat- webserver.
The thing I'd like some help with, is how to set up signing to applications; prefferably using SHA1withRSA, since that is the one we are using now and would probably cause a smoother migration?
What we use today on the orion webserver is:
https://??maskedaddress??/signing/servlet?app=Customer1_C&time=201101210831&invoice=200000260&path=main.jsp&acctID=12345678&mid=&kid=&sig=523a8a75cb0e3188ca139130702e...
Sig is the paramater that validates the signing. We have a keystore validation-file, and the customer have a keystore signingfile to make up the sig-paramter based on the others
Is there any way that this can be reused on Tomcat? and,,,how?
The app-parameter there is used access a file that has the info on which verifyingfile to be used from customer to customer
|
 |
Tim Holloway
Saloon Keeper
Joined: Jun 25, 2001
Posts: 14460
|
|
Welcome to the JavaRanch, Paal! But please: http://www.coderanch.com/how-to/java/PatienceIsAVirtue
We don't get paid here, so we're not exactly manning the desks all day long.
Unless Orion does does something I don't know about, that behaviour is built into your webapp and not part of how Tomcat or any other webapp server works. Usually if there's a client-side authentication certificate involved, it's just a matter of making it available to the user's browser, and then the webserver and web client negotiate its use transparently.
|
Customer surveys are for companies who didn't pay proper attention to begin with.
|
|
 |
|
|
subject: Tomcat URL signing
|
|
|
0
