File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Tomcat and the fly likes Tomcat URL signing Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Make it so: Java DB Connections & Transactions this week in the JDBC forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Tomcat URL signing" Watch "Tomcat URL signing" New topic

Tomcat URL signing

Paal Olsen

Joined: Jan 21, 2011
Posts: 2

First of all, I have to say that he question here is based on a migration project I have at work from Orion- to the Tomcat- webserver.
The thing I'd like some help with, is how to set up signing to applications; prefferably using SHA1withRSA, since that is the one we are using now and would probably cause a smoother migration?

What we use today on the orion webserver is:
Sig is the paramater that validates the signing. We have a keystore validation-file, and the customer have a keystore signingfile to make up the sig-paramter based on the others

Is there any way that this can be reused on Tomcat? and,,,how?
The app-parameter there is used access a file that has the info on which verifyingfile to be used from customer to customer

Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 17280

Welcome to the JavaRanch, Paal! But please:

We don't get paid here, so we're not exactly manning the desks all day long.

Unless Orion does does something I don't know about, that behaviour is built into your webapp and not part of how Tomcat or any other webapp server works. Usually if there's a client-side authentication certificate involved, it's just a matter of making it available to the user's browser, and then the webserver and web client negotiate its use transparently.

An IDE is no substitute for an Intelligent Developer.
I agree. Here's the link:
subject: Tomcat URL signing
jQuery in Action, 3rd edition