Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 2.0
    • Fix Version/s: 2.1
    • Component/s: tomcat7
    • Labels:

      Description

      currently there seems to be no way to configure SSL connector settings like clientAuth what make it useless for certain certificate login tests and I always need a second, manually installed instance of Tomcat for this but I'm not able to just run tomcat7:run

      So it would be great so see some clientCert options in an upcoming version!

        Issue Links

          Activity

          Hide
          Glen Mazza added a comment -

          Might be a lot of work to put that capability into the embedded Tomcat. Tomcat7:run is primarily for hot deployment of webapps while you tweak your JSP's, CSS, javascripts, etc. If you're deploying in production on a standalone Tomcat, Tomcat-specific testing such as certificate login tests should probably be against a standalone Tomcat anyway.

          Show
          Glen Mazza added a comment - Might be a lot of work to put that capability into the embedded Tomcat. Tomcat7:run is primarily for hot deployment of webapps while you tweak your JSP's, CSS, javascripts, etc. If you're deploying in production on a standalone Tomcat, Tomcat-specific testing such as certificate login tests should probably be against a standalone Tomcat anyway.
          Hide
          Marcel Silberhorn added a comment -

          Dear Glen Mazza

          It's not production where this option is needed.
          For sure, mvn-tomcat is for development and integration-tests only!

          But please think about those who are writing security / authentication / authorization related things like filter. While jetty doesn't like filter chains (it's not possible to determine the right chain ordering for jetty) nor tomcat7:run will ask for x509 based authentication I have to manually deploy the webapp to a single tomcat instance which I have to setup (each developer has to know how too) or (more practically) have to use Eclipse WTP Tomcat Plugin instead of mvn-tomcat but have to download and "install" eclipse and did have this WTP thing many developers are getting into trouble with ;/ .

          So nevertheless it's used seldom: where is the problem, for me it's just one parameter in the servers connector settings.
          I currently doesn't understand the barriers.
          The certificates for the container are typically used from the users local keychain ~/.keystore

          Please let me know if I can do anything ...

          P.S: found this site: http://tomcat.apache.org/maven-plugin-2.0/executable-war-jar.html with the option list at the end:

           -clientAuth                            enable client authentication for
                                                  https
          

          will this fix my "problem"?

          Show
          Marcel Silberhorn added a comment - Dear Glen Mazza It's not production where this option is needed. For sure, mvn-tomcat is for development and integration-tests only! But please think about those who are writing security / authentication / authorization related things like filter. While jetty doesn't like filter chains (it's not possible to determine the right chain ordering for jetty) nor tomcat7:run will ask for x509 based authentication I have to manually deploy the webapp to a single tomcat instance which I have to setup (each developer has to know how too) or (more practically) have to use Eclipse WTP Tomcat Plugin instead of mvn-tomcat but have to download and "install" eclipse and did have this WTP thing many developers are getting into trouble with ;/ . So nevertheless it's used seldom: where is the problem, for me it's just one parameter in the servers connector settings. I currently doesn't understand the barriers. The certificates for the container are typically used from the users local keychain ~/.keystore Please let me know if I can do anything ... P.S: found this site: http://tomcat.apache.org/maven-plugin-2.0/executable-war-jar.html with the option list at the end: -clientAuth enable client authentication for https will this fix my "problem"?
          Hide
          Hudson added a comment -

          Integrated in TomcatMavenPlugin-mvn3.x #227 (See https://builds.apache.org/job/TomcatMavenPlugin-mvn3.x/227/)
          MTOMCAT-190 Client Certificate settings for connector (Revision 1440338)

          Result = SUCCESS
          olamy : http://svn.apache.org/viewvc/?view=rev&rev=1440338
          Files :

          • /tomcat/maven-plugin/trunk/tomcat7-maven-plugin/src/main/java/org/apache/tomcat/maven/plugin/tomcat7/run/AbstractRunMojo.java
          Show
          Hudson added a comment - Integrated in TomcatMavenPlugin-mvn3.x #227 (See https://builds.apache.org/job/TomcatMavenPlugin-mvn3.x/227/ ) MTOMCAT-190 Client Certificate settings for connector (Revision 1440338) Result = SUCCESS olamy : http://svn.apache.org/viewvc/?view=rev&rev=1440338 Files : /tomcat/maven-plugin/trunk/tomcat7-maven-plugin/src/main/java/org/apache/tomcat/maven/plugin/tomcat7/run/AbstractRunMojo.java
          Hide
          Olivier Lamy (*$^¨%`£) added a comment -
          Show
          Olivier Lamy (*$^¨%`£) added a comment - see new paramater clientAuth ( http://tomcat.apache.org/maven-plugin-2.1-SNAPSHOT/tomcat7-maven-plugin/run-mojo.html#clientAuth ) please test 2.1-SNAPSHOT.
          Hide
          Marcel Silberhorn added a comment -

          hi Olivier Lamy (*$^¨%`£), is there any test / SNAPSHOT repo available I can test with?

          Show
          Marcel Silberhorn added a comment - hi Olivier Lamy (*$^¨%`£) , is there any test / SNAPSHOT repo available I can test with?
          Show
          Olivier Lamy (*$^¨%`£) added a comment - see http://tomcat.apache.org/maven-plugin-2.1-SNAPSHOT/snapshot-test.html
          Hide
          Marcel Silberhorn added a comment -

          hi again Olivier Lamy (*$^¨%`£), thank you for this deep link and: It works as expected..great!
          Thank you very much!

          Show
          Marcel Silberhorn added a comment - hi again Olivier Lamy (*$^¨%`£) , thank you for this deep link and: It works as expected..great! Thank you very much!

            People

            • Assignee:
              Olivier Lamy (*$^¨%`£)
              Reporter:
              Marcel Silberhorn
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development