Raphael Gallo wrote:
It�s possible use FORM authentication and CLIENT-CERT in the sameNot sure if it works with FORM but I have done this with BASIC (through https).
application. How can I do this ?
If the CLIENT-CERT fails the system will fallback to BASIC.
I have done this by fiddling my own SSLAuthenticator (called SSLAuthenticatorOptional) into Tomcat.
The main changes in short:
private BasicAuthenticator secondAuth = new BasicAuthenticator();
// Authenticate the specified certificate chain
principal = context.getRealm().authenticate(certs);
if (principal == null)
{
if (debug >= 1)
{
log(" Realm.authenticate() returned false");
} return secondAuth.authenticate(request, response, config);
// hres.sendError(HttpServletResponse.SC_UNAUTHORIZED,
// sm.getString("authenticator.unauthorized"));
// return (false);
}To put the SSLAuthenticatorOptional into Tomcat I have had to change the Authenticators.properties - which could done by this ant task
<target name="config-tomcat" description="Tomcat configuration">
<unjar src="${tomcat-server}/lib/catalina.jar" dest="${tomcat-server}/classes">
<patternset includes="org/apache/catalina/startup/Authenticators.properties"/>
</unjar>
<replaceregexp file="${tomcat-server}/classes/org/apache/catalina/startup/Authenticators.properties"
byline="true"
match="CLIENT-CERT=org.apache.catalina.authenticator.SSLAuthenticator"
replace="CLIENT-CERT=tomcat.SSLAuthenticatorOptional"/>
</target>
--- Mario
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
