Hi,

I know that the Servlet specification 2.4 presents four ways to authenticate users (in a CMS way to do this): basic, digest, form or client-cert. What I need is to provide a way to authenticate users by passwords or client certificates at the same time. If a user has a certificate he can use it, but if he doesn't have one, he can log in with login/password too. The web.xml DTD, however, accepts only one entry for the login-config tag.

A possible way to do this is to configure Tomcat's server.xml to always ask for client certificates (clientAuth="want") and then programmatically recover the certificate used. If this value is null, then show the login form with response.setStatus(response.SC_UNAUTHORIZED); and response.setHeader("WWW-Authenticate", "BASIC realm=\"privileged-few\"");

Does this work? Thanks!

Leandro P.
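
The approach proposed in the post above, written out as a servlet filter. This is an added example, not part of the original post: the class name, the `authenticatedUser` request attribute and the two abstract lookup methods are hypothetical, and `java.util.Base64` assumes Java 8 or later.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.cert.X509Certificate;
import java.util.Base64;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example: accept a TLS client certificate if one was sent, else fall back to BASIC.
public abstract class CertOrPasswordFilter implements Filter {
    // Hypothetical hooks: a subclass maps them onto the application's own user store.
    protected abstract String userForCertificate(X509Certificate cert); // null if unknown
    protected abstract boolean checkPassword(String user, String password);

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        // Set by the container only when the handshake carried a client certificate
        // that the connector's truststore accepted; null when none was offered.
        X509Certificate[] certs = (X509Certificate[])
                req.getAttribute("javax.servlet.request.X509Certificate");
        // certs[0] is the client's own certificate; the rest is its issuer chain.
        String user = (certs != null && certs.length > 0) ? userForCertificate(certs[0]) : null;
        if (user == null && req.isSecure()) {   // never accept a password over plain HTTP
            user = userFromBasicHeader(req.getHeader("Authorization"));
        }
        if (user == null) {                     // neither method succeeded: challenge
            res.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            res.setHeader("WWW-Authenticate", "BASIC realm=\"privileged-few\"");
            return;
        }
        req.setAttribute("authenticatedUser", user);
        chain.doFilter(req, res);
    }

    private String userFromBasicHeader(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) return null;
        try {
            byte[] raw = Base64.getDecoder().decode(header.substring(6).trim());
            String[] p = new String(raw, StandardCharsets.UTF_8).split(":", 2);
            return (p.length == 2 && checkPassword(p[0], p[1])) ? p[0] : null;
        } catch (IllegalArgumentException malformedBase64) {
            return null;                        // treat an undecodable header as no credentials
        }
    }
}
```

A concrete subclass is mapped in web.xml with a filter and filter-mapping entry; with this in place the single login-config entry is not used for these URLs, so authorization checks that rely on container-managed security no longer apply to them.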