On 29/02/2020 10:40, Michael Osipov wrote:
> On 2020-02-29 at 10:09, Thomas Meyer wrote:

<snip/>

>> Hi,
>>
>> Instead of configuring the container for client cert Auth change the
>> webapp:
>> 1) define a realm in local context.xml
>> 2) add resp security constraint only for rest api calls
>
> This will not help.

In this case that appears to be correct although it isn't generally correct.

> You cannot configure cert-based auth from the
> context.xml.

True. You do that in web.xml.

> Tomcat does not support renegotiation of TLS contexts based
> on URLs like HTTPd.

Yes it does. If you specify CLIENT-CERT auth for a sub-set of URLs Tomcat will trigger a renegotiation when one of those URLs is requested. You don't have the same fine-grained control you have in httpd but you can replicate the typical use cases.

Mark
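The per-URL setup described in the reply above, as an added example that is not part of the original thread: a `web.xml` fragment that requires CLIENT-CERT authentication only for a subset of URLs. The `/api/*` pattern and the `api-client` role name are assumptions chosen for illustration.

```xml
<!-- WEB-INF/web.xml fragment (added example, not from the thread).
     Assumed values: the /api/* URL pattern and the api-client role. -->

<!-- Only requests matching /api/* fall under this constraint; all other
     URLs of the webapp stay unconstrained and need no client certificate. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>REST API</web-resource-name>
    <url-pattern>/api/*</url-pattern>
  </web-resource-collection>
  <!-- The authenticated certificate user must hold this role. -->
  <auth-constraint>
    <role-name>api-client</role-name>
  </auth-constraint>
  <!-- Require TLS for the protected URLs. -->
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<!-- Authentication method for every constrained URL in this webapp. -->
<login-config>
  <auth-method>CLIENT-CERT</auth-method>
</login-config>

<!-- Declare the role referenced in the auth-constraint. -->
<security-role>
  <role-name>api-client</role-name>
</security-role>
```

For this to behave as described, the connector must not itself demand a client certificate during the initial handshake, and it needs a trust store containing the CAs whose client certificates are accepted. The realm in use has to map the certificate's subject to a user that holds the `api-client` role.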