I am working on a web application to achieve certificate-based login. I am using Tomcat 7 and have configured the HTTP connector as below, and also configured auth-method as CLIENT-CERT in my project's web.xml:

<Connector SSLEnabled="true"
           clientAuth="false"
           connectionTimeout="20000"
           crlFile="C:\\Users\\certcrl.crl"
           keystoreFile="C:\\Users\\tomcat.keystore"
           keystorePass="changeit"
           keystoreType="JKS"
           maxThreads="150"
           port="8443"
           protocol="org.apache.coyote.http11.Http11Protocol"
           scheme="https"
           secure="true"
           sslProtocol="TLS"
           truststoreFile="C:\\Users\\tomcat.truststore"
           truststorePass="changeit"
           truststoreType="JKS"/>
<security-constraint>
    <display-name>SecurityFilter</display-name>
    <web-resource-collection>
        <web-resource-name>UCMSFilter</web-resource-name>
        <url-pattern>/**</url-pattern>
        <http-method>GET</http-method>
        <http-method>PUT</http-method>
        <http-method>HEAD</http-method>
        <http-method>TRACE</http-method>
        <http-method>POST</http-method>
        <http-method>DELETE</http-method>
        <http-method>OPTIONS</http-method>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<login-config>
    <auth-method>CLIENT-CERT</auth-method>
    <realm-name>UCMSFilter</realm-name>
</login-config>
When I configure clientAuth="true" it works fine, because it ignores the web.xml configuration, but when I set it to false it throws an error. I want clientAuth="false" since I want to prompt the user for a certificate after loading the login page.

When I start the application it asks to authenticate the SSL certificate; as soon as I authenticate the server certificate it throws the following error. After this the client cert is prompted, but when I select that certificate it results in the same "Socket Closed" exception:
java.net.SocketException: Socket Closed
    at java.net.AbstractPlainSocketImpl.setOption(Unknown Source)
    at java.net.PlainSocketImpl.setOption(Unknown Source)
    at java.net.Socket.setSoTimeout(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.setSoTimeout(Unknown Source)
    at org.apache.tomcat.util.net.jsse.JSSESupport.handShake(JSSESupport.java:204)
    at org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:153)
    at org.apache.coyote.http11.Http11Processor.actionInternal(Http11Processor.java:344)
    at org.apache.coyote.http11.AbstractHttp11Processor.action(AbstractHttp11Processor.java:849)
    at org.apache.coyote.Request.action(Request.java:344)
    at org.apache.catalina.authenticator.SSLAuthenticator.authenticate(SSLAuthenticator.java:137)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:544)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:947)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1009)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
Please help me in this regard.