Antony GUILLOTEAU wrote:
I'm able to show the login window of a basic realm with following code : response.setHeader("WWW-Authenticate", "BASIC realm=\"myName\""); response.sendError(HttpServletResponse.SC_UNAUTHORIZED);Now I wish to show the window like CLIENT-CERT : when all realm parameters are set in the web.xml that 's work fine. But I want to do the same thing programmaticly with response.sendError(HttpServletResponse.SC_UNAUTHORIZED). I think it is done in the tomcat code ... but where ? Thanks
It is done in o.a.c.authenticator.AuthenticatorBase and the process is basically issue a redirect to SSL. You will need to set the clientAuth attribute on the connector to true to require all connections to present a client certificate. If you want to validate the clienbt certificate, have a look at o.a.c.authenticator.SSLAuthenticator
Mark --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
