Antony GUILLOTEAU wrote:
I'm able to show the login window of a basic realm with following code :
response.setHeader("WWW-Authenticate", "BASIC realm=\"myName\"");
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
Now I wish to show the window like CLIENT-CERT : when all realm parameters are
set in the web.xml that 's work fine. But I want to do the same thing
programmaticly with response.sendError(HttpServletResponse.SC_UNAUTHORIZED).
I think it is done in the tomcat code ... but where ?
Thanks
It is done in o.a.c.authenticator.AuthenticatorBase and the process is
basically issue a redirect to SSL. You will need to set the clientAuth
attribute on the connector to true to require all connections to
present a client certificate. If you want to validate the clienbt
certificate, have a look at o.a.c.authenticator.SSLAuthenticator
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]