• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Tomcat URL signing

 
Paal Olsen
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi

First of all, I have to say that he question here is based on a migration project I have at work from Orion- to the Tomcat- webserver.
The thing I'd like some help with, is how to set up signing to applications; prefferably using SHA1withRSA, since that is the one we are using now and would probably cause a smoother migration?

What we use today on the orion webserver is:
https://??maskedaddress??/signing/servlet?app=Customer1_C&time=201101210831&invoice=200000260&path=main.jsp&acctID=12345678&mid=&kid=&sig=523a8a75cb0e3188ca139130702e...
Sig is the paramater that validates the signing. We have a keystore validation-file, and the customer have a keystore signingfile to make up the sig-paramter based on the others

Is there any way that this can be reused on Tomcat? and,,,how?
The app-parameter there is used access a file that has the info on which verifyingfile to be used from customer to customer

 
Tim Holloway
Saloon Keeper
Pie
Posts: 18281
56
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Welcome to the JavaRanch, Paal! But please: http://www.coderanch.com/how-to/java/PatienceIsAVirtue

We don't get paid here, so we're not exactly manning the desks all day long.

Unless Orion does does something I don't know about, that behaviour is built into your webapp and not part of how Tomcat or any other webapp server works. Usually if there's a client-side authentication certificate involved, it's just a matter of making it available to the user's browser, and then the webserver and web client negotiate its use transparently.

 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic