I am trying to configure my web application within tomcat to require
client certificates for certain areas. I am not concerned about what
the certificate contains-only that it is a valid certificate (not
expired).
I have the ssl piece working and when I use the connector option
clientAuth="true" this makes my whole ssl session require
certificates-which is not what I want.
How can I configure the web.xml file to require certificates for only
certain servlets/urls of the webapp?
Would like the same functionality of clientAuth="true" (which just
checks the validity of the certifiicate but does not try to verify or
see if the user is in a list somewhere) but at the url/servlet level
within the web.xml for the web app.
Another quick question is how can one force the user to have to select
the cert again once inside the web application (simulate a logout).
Does invalidating the session force this? Do not want the user to have
to quit out of the browser.
Thanks,
Tony
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
- Re: help with client certificates Tony Dahbura
- Re: help with client certificates Sean Dockery
- Re: help with client certificates Tony Dahbura
- Re: help with client certificates Sean Dockery
- Re: help with client certificates Tony Dahbura
- Re: help with client certificates Sean Dockery
- Re: help with client certificates Tony Dahbura
- Re: help with client certificat... Sean Dockery
- help with client certificates Tony Dahbura
