Nick, never done it, but I think, yes you can.
You cant directly integrate them, if the SSL client auth fails in the
handshake, thats it, tomcat wont smell that request.
But you will get an error, and that means you should be able to make a
custom error page..... on that you say, "You who doesnt want to pay
Verisign.... click here to log in".
In your pages.... and I forget the details, you "can" check if its an SSL
connection, and whether the user has logged in.... so if neither, they get
sent to the log in page, if SSL is active or user is logged in.... they
proceed. On the login page, you have a link to the SSL easy access page.
Something like that... interesting project.
----- Original Message -----
From: "Nick Duan" <[EMAIL PROTECTED]>
To: <users@tomcat.apache.org>
Sent: Wednesday, June 20, 2007 2:17 PM
Subject: Combining form-based authentication with client-cert authentication
Is there anyway to allow both client-cert authentication and form-based
authentication to work together in Tomcat? or J2EE web servers in
general?
I'd like to have users to log in to an web app using either user cert or
username/password. If a user doesn't have a cert, the login page will
show up.
Thanks!
ND
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
