-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 David,
> From outside however, we want to force authentification on all the > webapp. So we would like to have a security-constraint on / that > applies *only* when webapp is reached using SSL connector. You might be able to avoid the entire problem by using a VPN. Is that an acceptable change in strategy? What about client certificates? I think you're going to seriously complicate your application to add this requirement. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGzZxA9CaO5/Lv0PARAvOuAKCo7gSdhMUdvtdLcWrvT4EsR7ZhyQCfaQcG Qowp91xWkZYt1Gs4CtT8SNw= =kq0I -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
