Peter: I had the same problem. You need a realm definition for this and you probably want to look at the cert within your servlet but otherwise just leave it alone.
I ended up writing a realm module that basically just passes on the credentials but allows people in. I can email it to you if you want. Contact me directly. Tony Peter Boevink wrote: > Do I have to add the security constraint to the web.xml of the specific servlet? > If I do that, my tomcat logger tells me: No Realm has been configured to >authenticate against > > -----Original Message----- > From: Bill Barker [mailto:[EMAIL PROTECTED]] > Sent: Thursday, February 13, 2003 10:25 AM > To: [EMAIL PROTECTED] > Subject: Re: Activating clientAuth for just one servlet > > Assuming that no other servlet in the webapp requires authentication, then > you can remove the 'clientAuth' from the Connector. Then set up a: > <security-constraint> > <web-resource-collection> > <web-resource-name>SomeName</web-resource-name> > <url-pattern>/servlet/MyServlet/*</urlpattern> > </web-resource-collection> > </security-constraint> > <login-config> > <auth-method>CLIENT-CERT</auth-method> > </login-config> > > Tomcat (at least 4.1.18 and higher) will then request the client cert only > when accessing MyServlet. > > The above only applies to Tomcat Stand-Alone. If you are running behind > Apache, then you need to request the cert using the standard Apache options > in a <Location> tag. > "Peter Boevink" <[EMAIL PROTECTED]> wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi, > > I'm using tomcat 4.1 and have several servlets running on it. > Now I have one servlet that needs client authentication (SSL). > I do not want all servlets to force client authentication but only that > perticular one. > All other servlets will use SSL. > > Tomcat is now configured to use SSL and clientAuth, which works fine. > But all servlets requested now need a client certificate, is there a way to > activate clientAuth only for one servlet? > > Thank, Peter > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] -- Tony Dahbura Deployment Director Opsware Business Practice EDS Inc. 13900 Lincoln Park Drive Suite 405/WH-OPS Herndon, VA 20171 voice: 703.742.1280 fax: 703.742.1163 [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
