Alec,

On 6/3/2009 12:25 PM, Alec Swan wrote:
> Bill, thank you for your feedback. I read up on CLIENT-CERT and am now
> surprised that Bill was the only one to mention it. It sounds like
> CLIENT-CERT is the scheme that we should. We can generate certificates and
> ask our customer to distribute it to its users and have them install
> certificates in their browsers.
>
> Is there a reason why not many people recommended CLIENT-CERT authentication
> on this thread?

We assumed that your stated requirements were accurate. A second application deployment didn't seem like an option.

Note that CLIENT-CERT cannot be used alongside BASIC/DIGEST or FORM authentication within the same application: you'll need to deploy the application twice, each with a different authentication scheme.

Of course, there are ways to do this with code if you follow my suggestion of having a service-only URL available that handles authentication differently than the rest of the application.

-chris
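The service-only URL approach mentioned above, as a servlet filter (an added example, not code from this thread or from Tomcat). It assumes the HTTPS connector requests but does not require a client certificate (`clientAuth="want"`), that the filter is mapped only to a hypothetical `/service/*` pattern left out of the application's BASIC/FORM security constraints, and that the class name and the `allowedSubjects` init-param are made up for illustration.

```java
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical filter; map it only to the service-only URL pattern, e.g. /service/*. */
public class ServiceCertFilter implements Filter {
    private final Set<String> allowedSubjects = new HashSet<String>();

    public void init(FilterConfig cfg) throws ServletException {
        // Assumed init-param: RFC 2253 subject DNs separated by ';' (DNs contain commas).
        String param = cfg.getInitParameter("allowedSubjects");
        if (param == null || param.trim().isEmpty()) {
            throw new ServletException("allowedSubjects init-param is required");
        }
        for (String dn : param.split(";")) {
            if (!dn.trim().isEmpty()) allowedSubjects.add(dn.trim());
        }
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        // Standard servlet attribute: set only when the TLS handshake presented a
        // certificate chain that the connector's trust store accepted.
        X509Certificate[] certs = (X509Certificate[])
                request.getAttribute("javax.servlet.request.X509Certificate");
        if (!request.isSecure() || certs == null || certs.length == 0) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Client certificate required");
            return;
        }
        // Element 0 is the client's own certificate; authorize on its subject DN.
        String subject = certs[0].getSubjectX500Principal().getName();
        if (!allowedSubjects.contains(subject)) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "Certificate not authorized");
            return;
        }
        chain.doFilter(request, response);
    }
    public void destroy() { }
}
```

Chain validation happens in the TLS handshake against the connector's trust store; the filter only decides which already-validated certificates may reach the service URL, so the trust store should contain only the CA that issues these client certificates.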