Hello, how are you?
I need help to configure a secure application.
I am trying to request client certificate in only one page and force to
use SSL in the entire application.
I put the following in the web.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>certificates</web-resource-name>
<url-pattern>/certificates/add.action</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>CLIENT-CERT</auth-method>
</login-config>
If I add a new url pattern, this page will request client certificate too.
How can I force to use SSL without require cliente certificate but still
require it in a specific page?
I hope that you can understand me. If you need more information or clarify
something, please let me know.
Thank you very much in advanced.
Fabian
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
