On 17 Dec 2010, at 00:37, Steve Mitchell <mitch...@intertrust.com> wrote:
> I would like my Tomcat instance to authenticate different roles differently. > E.g., admins must use SSL client auth, while regular users use HTTP basic > authentication over SSL. This seems like a routine requirement, but it's > unsupported in Tomcat 6 (or 7). Look at the MultiRealm in the docs/svn. p > > I have a workaround -- use an Apache reverse proxy for authentication. The > disadvantages are that Tomcat roles are unavailable, and admin users and > regular users connect to the same resource with different URLs. > > The ideal solution would be to use SSL with selectable client authentication. > In this mode, HTTP basic authentication would be skipped if the client had > already presented a valid SSL client certificate. Can Tomcat be made to do > this? > > --Steve > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
