> From: Benoit Maupas [mailto:bmau...@yahoo.fr] > > I am using Tomcat with SSL and client-authentication by smartcard. My > application uses Struts2 and Spring-Security. I would like to : > 1/ get current SSL session retrieved from session-id
There isn't (at the moment) a direct relationship. Version 3.0 of the servlet spec (Tomcat 7) may change that as it explicitly mentions using SSL sessions. > 2/ close current SSL session in order to force end-user to typein again > his pin code (i.e. a logout function) Should be simple in Tomcat 7. For Tomcat 6 and earlier you'll need to do this yourself. I don't know how easy this will be until we have written the code for Tomcat 7. > 3/ detect a smartcard removal This could be tricky. It depends what the browser does when the smart card is removed. I think, based on a previos thread, the SSL session and connection remain valid so tere is no way for Tomcat to detect this. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
