eid applet + Tomcat

251 views
Skip to first unread message

matthiayer

unread,
Aug 24, 2011, 5:33:57 AM8/24/11
to eID Applet
Hi,

I'm trying to install the eid applet on a Tomcat 7.0 server. I was
following the instructions on the video on Youtube:
http://www.youtube.com/watch?v=x1dARGV_zEQ
afterwards I tried to run it on Glassfish 3.1, but used the workaround
described here: http://groups.google.com/group/eid-applet/browse_thread/thread/8b1ef1174c540a93

this made it work on the Glassfish server, where I was able to put in
my pin code and get the rijksregister number

When I tried to run the same thing on the Tomcat 7.0 server I am not
getting the popup to put in my PIN-code, and get an ID back that is
Null, so I am not getting a Rijksregister number from the applet.

In my server i can find this:
INFO: The start() method was called on component
[StandardEngine[Catalina].StandardHost[localhost].StandardContext[/
mavenproject1-1.0-SNAPSHOT]] after start() had already been called.
The second call will be ignored.

maybe this has something to do with it.

Thanks already



Kurt De Wit

unread,
Aug 24, 2011, 8:24:33 AM8/24/11
to eid-a...@googlegroups.com
Did you enable HTTPS on your Tomcat server?

The eid-applet requires HTTPS to work which is, as far as I know,
disabled by default on Tomcat (at least on older versions)...

Citeren matthiayer <matthias....@gmail.com>:

> --
> You received this message because you are subscribed to the Google
> Groups "eID Applet" group.
> To post to this group, send email to eid-a...@googlegroups.com.
> To unsubscribe from this group, send email to
> eid-applet+...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/eid-applet?hl=en.
>
>


Kurt

unread,
Aug 24, 2011, 8:27:18 AM8/24/11
to eID Applet
Did you enable HTTPS on your Tomcat server?
The eid-applet requires HTTPS which is, at least on older versions of
Tomcat, disabled by default.

matthiayer

unread,
Aug 24, 2011, 9:00:55 AM8/24/11
to eID Applet
update:

I have been working a bit, and I am having some error messages in my
tomcat log:

24-aug-2011 14:51:42 org.apache.catalina.core.StandardWrapperValve
invoke
SEVERE: Servlet.service() for servlet [IdentificationServlet] in
context with path [/beidtest] threw exception [JNDI error: Name module
is not bound in this Context] with root cause
javax.naming.NameNotFoundException: Name module is not bound in this
Context
at org.apache.naming.NamingContext.lookup(NamingContext.java:803)
at org.apache.naming.NamingContext.lookup(NamingContext.java:159)
at org.apache.naming.SelectorContext.lookup(SelectorContext.java:158)
at javax.naming.InitialContext.lookup(InitialContext.java:392)
at
be.fedict.eid.applet.service.impl.ServiceLocator.locateService(ServiceLocator.java:
61)
at
be.fedict.eid.applet.service.impl.handler.HelloMessageHandler.handleMessage(HelloMessageHandler.java:
266)
at
be.fedict.eid.applet.service.impl.handler.HelloMessageHandler.handleMessage(HelloMessageHandler.java:
61)
at
be.fedict.eid.applet.service.AppletServiceServlet.doPost(AppletServiceServlet.java:
310)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:
304)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:
210)
at
org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:
393)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:
243)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:
210)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:
240)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:
164)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:
462)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:
164)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:
100)
at
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:
563)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:
118)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:
399)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:
317)
at org.apache.coyote.http11.Http11Protocol
$Http11ConnectionHandler.process(Http11Protocol.java:204)
at org.apache.coyote.http11.Http11Protocol
$Http11ConnectionHandler.process(Http11Protocol.java:182)
at org.apache.tomcat.util.net.JIoEndpoint
$SocketProcessor.run(JIoEndpoint.java:311)
at java.util.concurrent.ThreadPoolExecutor
$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor
$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:662)

my web.xml looks like this:

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<servlet>
<servlet-name>IdentificationServlet</servlet-name>
<servlet-
class>be.fedict.eid.applet.service.AppletServiceServlet</servlet-
class>
<init-param>
<param-name>IncludePhoto</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>AuthenticationService</param-name>
<param-value>java:global/com.mycompany_beidtest_war_1.0-
SNAPSHOT/MyAuthenticationServiceBean</param-value>
</init-param>
</servlet>
<servlet>
<servlet-name>PhotoServlet</servlet-name>
<servlet-class>be.fedict.eid.applet.service.PhotoServlet</
servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>IdentificationServlet</servlet-name>
<url-pattern>/identification-service</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>PhotoServlet</servlet-name>
<url-pattern>/photo.jpg</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
</web-app>

I was looking on options to change this line because I thougt the
problem was there:

<param-value>java:global/com.mycompany_beidtest_war_1.0-
SNAPSHOT/MyAuthenticationServiceBean</param-value>

but I don't have any experience with Tomcat servers and can't find the
right information.

Thanks
On Aug 24, 11:33 am, matthiayer <matthias.de.mae...@gmail.com> wrote:
> Hi,
>
> I'm trying to install the eid applet on a Tomcat 7.0 server. I was
> following the instructions on the video on Youtube:http://www.youtube.com/watch?v=x1dARGV_zEQ
> afterwards I tried to run it on Glassfish 3.1, but used the workaround
> described here:http://groups.google.com/group/eid-applet/browse_thread/thread/8b1ef1...

Frank Cornelis

unread,
Aug 24, 2011, 11:47:06 AM8/24/11
to eid-a...@googlegroups.com
Hi Matthias,


A servlet container has no JNDI context, only a full blown application
server does.
When running in plain servlet containers, you can use the
AuthenticationServiceClass init-param instead of the
AuthenticationService init-param to point to your implementation of the
AuthenticationService SPI.


Kind Regards,
Frank.

matthiayer

unread,
Aug 24, 2011, 11:55:12 AM8/24/11
to eID Applet
yes this is ok (https)

i was able to authenticate. (I had things wrong in the web.xml, now I
used AuthenticationServiceClass instead of AuthenticationService and
changed the path to MyAuthenticationServiceBean)
using the workaround in this thread:
http://groups.google.com/group/eid-applet/browse_thread/thread/8b1ef1174c540a93
everything works, no more errors.
but in this way I'm only able to get the Rijksregisternumber, and i
need the certificate serial number.

Any help on this?

Thank You,

Matthiayer
> xsi:schemaLocation="http://java.sun.com/xml/ns/javaeehttp://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">

Cornelis Frank

unread,
Aug 25, 2011, 2:06:06 AM8/25/11
to eid-a...@googlegroups.com
Hi Matthias,


From the eID Applet developer's guide:

3.1.3. eID Certificates
If you need to have explicit access to the eID citizen certificates, you can instruct the eID Applet
to extract the certificates via the following eID Applet Service servlet configuration:
<init-param>
<param-name>IncludeCertificates</param-name>
<param-value>true</param-value>
</init-param>
After a successful eID identification, the certificates will be available as session attributes of
Java type java.security.cert.X509Certificate . The authentication certificate will be
available as eid.certs.authn session attribute. The non-repudiation (i.e. signature) certificate
will be available as eid.certs.sign session attribute. The intermediate Citizen CA certificate
will be available as eid.certs.ca session attribute. The Root CA certificate will be available as
eid.certs.root session attribute.

3.2.5. eID Certificates
If you need to have explicit access to the eID citizen certificates, you can instruct the eID Applet
to extract the certificates via the following eID Applet Service servlet configuration:
<init-param>
<param-name>IncludeCertificates</param-name>
<param-value>true</param-value>
</init-param>
After a successful eID authentication, the certificates will be available as session attributes
of Java type java.security.cert.X509Certificate . The authentication certificate will be
available as eid.certs.authn session attribute. The non-repudiation (i.e. signature) certificate
will be available as eid.certs.sign session attribute. The intermediate Citizen CA certificate
will be available as eid.certs.ca session attribute. The Root CA certificate will be available as
eid.certs.root session attribute.


Kind Regards,
Frank.
________________________________________
Van: eid-a...@googlegroups.com [eid-a...@googlegroups.com] namens matthiayer [matthias....@gmail.com]
Verzonden: woensdag 24 augustus 2011 17:55
Aan: eID Applet
Onderwerp: [eid-applet] Re: eid applet + Tomcat

Any help on this?

Thank You,

Matthiayer

--

Reply all
Reply to author
Forward
0 new messages