Assuming that no other servlet in the webapp requires authentication, then
you can remove the 'clientAuth' from the Connector.  Then set up a:
<security-constraint>
  <web-resource-collection>
     <web-resource-name>SomeName</web-resource-name>
     <url-pattern>/servlet/MyServlet/*</url-pattern>
  </web-resource-collection>
</security-constraint>
<login-config>
  <auth-method>CLIENT-CERT</auth-method>
</login-config>

Tomcat (at least 4.1.18 and higher) will then request the client cert only
when accessing MyServlet.

The above only applies to Tomcat Stand-Alone.  If you are running behind
Apache, then you need to request the cert using the standard Apache options
in a <Location> tag.

"Peter Boevink" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
Hi,

I'm using tomcat 4.1 and have several servlets running on it.
Now I have one servlet that needs client authentication (SSL).
I do not want all servlets to force client authentication but only that
particular one.
All other servlets will use SSL.

Tomcat is now configured to use SSL and clientAuth, which works fine.
But all servlets requested now need a client certificate, is there a way to
activate clientAuth only for one servlet?

Thanks, Peter
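
A servlet-side check to go with the configuration discussed in this thread, as an added example that is not part of the original messages: the servlet reads the client certificate chain from the Servlet specification's javax.servlet.request.X509Certificate request attribute and fails closed when no certificate was presented. Only the name MyServlet comes from the thread; the class body and response texts are assumptions.

```java
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example: hypothetical body for the MyServlet named in the thread.
public class MyServlet extends HttpServlet {

    // Attribute under which the container exposes the client's chain
    // (defined by the Servlet specification for SSL requests).
    private static final String CERT_ATTR =
            "javax.servlet.request.X509Certificate";

    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        Object attr = req.getAttribute(CERT_ATTR);

        // Fail closed: if the connector (or a front-end Apache) never asked
        // for a certificate, the attribute is absent and access is refused.
        if (!(attr instanceof X509Certificate[])
                || ((X509Certificate[]) attr).length == 0) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN,
                    "Client certificate required");
            return;
        }

        // The chain is ordered with the client's own certificate first.
        X509Certificate client = ((X509Certificate[]) attr)[0];
        try {
            client.checkValidity(); // rejects expired / not-yet-valid certs
        } catch (CertificateException e) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN,
                    "Client certificate is not currently valid");
            return;
        }

        // Record who connected so access to this servlet can be audited.
        String subject = client.getSubjectX500Principal().getName();
        log("client cert accepted: subject=" + subject
                + " serial=" + client.getSerialNumber().toString(16));

        resp.setContentType("text/plain");
        resp.getWriter().println("Authenticated as " + subject);
    }
}
```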
