Sanjeev,

On 2/9/12 11:17 AM, Sanjeev Sharma wrote:
> I work on a Java web-app running on Tomcat 7. The entire
> application is required to be doing SSL on port 443 (everything is
> accessed via https://). Two different login options are given to
> the user: username/password or client certificate authentication.
> We employ application-managed security as opposed to
> container-managed (i.e. we don't use realms). I have the following
> connector in my server.xml:
>
> <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
>     maxThreads="150" scheme="https" secure="true"
>     keystoreFile="d:\certs\server_cert.jks" keystorePass="changeit"
>     truststoreFile="d:\certs\truststore.jks" truststorePass="changeit"
>     clientAuth="true" sslProtocol="TLS" />
>
> This forces mutual authentication on anything I try to access
> using https. How can I configure Tomcat so that only specific links
> (a specific struts action for example) would require mutual
> authentication or how can I exclude from the mutual
> authentication.

I think what you want is clientAuth="want" and then you can maybe
write a Filter that requires certain SSL certificate features in order
to pass-through. Then, just map your Filter to those areas that
require (additional?) SSL authentication.

-chris
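
Added example, not part of the original message and not Tomcat's own code: one way to write the Filter suggested above, failing closed when no client certificate reached the request. The class name, the "requiredIssuerDN" init-param and the /secure/* mapping are assumptions made for illustration.

```java
// Assumes the reply's connector change: clientAuth="want" (certificate requested, not required).
// Map with <filter-mapping> in web.xml to the protected paths, e.g. /secure/* (hypothetical).
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.security.auth.x500.X500Principal;
import javax.servlet.*;
import javax.servlet.http.HttpServletResponse;

public class RequireClientCertFilter implements Filter {
    // Servlet-spec request attribute holding the client's certificate chain.
    private static final String CERT_ATTR = "javax.servlet.request.X509Certificate";
    private X500Principal requiredIssuer; // optional; set from the hypothetical init-param below

    public void init(FilterConfig cfg) throws ServletException {
        String dn = cfg.getInitParameter("requiredIssuerDN");
        if (dn != null) {
            try {
                requiredIssuer = new X500Principal(dn);
            } catch (IllegalArgumentException e) {
                throw new ServletException("Bad requiredIssuerDN", e);
            }
        }
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        X509Certificate[] certs = (X509Certificate[]) req.getAttribute(CERT_ATTR);
        String reason = null;
        if (!req.isSecure()) {
            reason = "TLS required";
        } else if (certs == null || certs.length == 0) {
            reason = "Client certificate required"; // fail closed: none was presented
        } else {
            X509Certificate leaf = certs[0]; // first element is the client's own certificate
            try {
                leaf.checkValidity(); // reject expired or not-yet-valid certificates
                if (requiredIssuer != null && !requiredIssuer.equals(leaf.getIssuerX500Principal())) {
                    reason = "Certificate issuer not accepted";
                }
            } catch (CertificateException e) {
                reason = "Certificate outside its validity period";
            }
        }
        if (reason != null) {
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN, reason);
            return;
        }
        chain.doFilter(req, res);
    }

    public void destroy() { }
}
```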