In my understanding:
(1) Client-Auth is set to true: every client who accesses Tomcat must has his own certificate. And the certificate of the CA who issued client certificate must in the truststore list. The default location of the truststore list is at JAVA_HOME/jre/lib/security/cacerts.
Question: it is possible to set it in the different location??
(2) Client-Cert is set in the web application configuration file (web.xml) : every client who accesses this web application must has his own trusted certificate.
<web-app>
...
<login-config>
<auth-method>CLIENT-CERT</auth-method>
<realm-name>ClientName</realm-name>
</login-config>
...
</web-app>Question: in the configuration, what is <realm-name> represents for??? Is I can define the client list (such as using CN value in the certificate) in the memoryrealm or some other place, to achieve the access control. In other word, I want to only allow selected users to access the web application, of cause, those users must has their own certificate. Can I do this??
Thanks Jack
_________________________________________________________________
Send a QuickGreet with MSN Messenger http://www.msnmessenger-download.com/tracking/cdp_games
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
