permaculture playing cards
The moose likes Tomcat and the fly likes Tomcat URL signing Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Tomcat URL signing" Watch "Tomcat URL signing" New topic

Tomcat URL signing

Paal Olsen

Joined: Jan 21, 2011
Posts: 2

First of all, I have to say that he question here is based on a migration project I have at work from Orion- to the Tomcat- webserver.
The thing I'd like some help with, is how to set up signing to applications; prefferably using SHA1withRSA, since that is the one we are using now and would probably cause a smoother migration?

What we use today on the orion webserver is:
Sig is the paramater that validates the signing. We have a keystore validation-file, and the customer have a keystore signingfile to make up the sig-paramter based on the others

Is there any way that this can be reused on Tomcat? and,,,how?
The app-parameter there is used access a file that has the info on which verifyingfile to be used from customer to customer

Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 17410

Welcome to the JavaRanch, Paal! But please:

We don't get paid here, so we're not exactly manning the desks all day long.

Unless Orion does does something I don't know about, that behaviour is built into your webapp and not part of how Tomcat or any other webapp server works. Usually if there's a client-side authentication certificate involved, it's just a matter of making it available to the user's browser, and then the webserver and web client negotiate its use transparently.

An IDE is no substitute for an Intelligent Developer.
subject: Tomcat URL signing
It's not a secret anymore!