Dear All My developer give me a .war file which I place it as jboss/server/default/deploy/test.war
Thus I have around 5 .war placed in the server. All the apps are presently accessed using https://myorg.com:8080/test1/, https://myorg.com:8080/test2/ ... and so on. Next I want to implement client auth for certain apps. How do i go about it.?? Regards & Thanks ================ Mahesh S Kudva -----Original Message----- From: "Bill Barker" <[EMAIL PROTECTED]> To: tomcat-user@jakarta.apache.org Date: Fri, 1 Jul 2005 21:56:37 -0700 Subject: Re: Certificate Authentication for individual apps > > "Mahesh S Kudva" <[EMAIL PROTECTED]> wrote in message > news:[EMAIL PROTECTED] > > Hi All > > > > Thanks for the note. May be I was not clear in my earlier mail. > > > > > > I have client authentication using certificates. I want to skip > client > > auth for certain hosted applications on the server but preserve > client > > auth for other apps. > > > > On the Connector leave the 'clientAuth' attribute as 'false' (or use > 'want', if you really want to be annoying :). Then in the webapps that > care > setup your web.xml files with something like: > <login-config> > <auth-method>CLIENT-CERT</auth-method> > </login-config> > > In this case, any page protected by a <security-constraint> will force > the > user to send a client-cert. Unfortunately, most of the > production-quality > Realms that ship with Tomcat don't support CLIENT-CERT auth. > > For 4.1.x <= tcversion <= 5.0.x, there is also a request attribute that > you > can use to do the same thing. If you need it, search the archives. > > > Regards & Thanks > > ================ > > Mahesh S Kudva > > > > > > -----Original Message----- > > From: Paul Singleton <[EMAIL PROTECTED]> > > To: Tomcat Users List <tomcat-user@jakarta.apache.org> > > Date: Fri, 01 Jul 2005 15:32:12 +0100 > > Subject: Re: Certificate Authentication for individual apps > > > >> Mahesh S Kudva wrote: > >> > >> > How can I have different certificate authentication for different > >> applications and skip certificate > >> > authentication for some applications hosted on the same server. > >> > >> I believe that, at least under SSL, certificates authenticate > >> *servers* not applications, and that the Connector offers a > >> certificate before it checks, or regardless of, the context > >> path within that server. > >> > >> So you need to deploy each app at a different (virtual) host, > >> each with a different IP address. We do this currently with > >> 5.5.9. You can use the default keystore for all hosts, and > >> use the (undocumented) keyAlias="myalias" Connector attribute > >> to offer the appropriate certificate for each host, e.g. > >> > >> <Connector > >> address="288.104.197.211" > >> port="8443" > >> scheme="https" > >> secure="true" > >> sslProtocol="TLS" > >> keyAlias="mrk2" > >> /> > >> > >> (in 5.5.9 you also need sslProtocol="TLS" explicitly) > >> > >> Paul Singleton > >> > >> > >> -- > >> No virus found in this outgoing message. > >> Checked by AVG Anti-Virus. > >> Version: 7.0.323 / Virus Database: 267.8.8/35 - Release Date: > >> 30/Jun/2005 > >> > >> > >> > --------------------------------------------------------------------- > >> To unsubscribe, e-mail: [EMAIL PROTECTED] > >> For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > ------------------------------------------------------- > > Robosoft Technologies - Partners in Product Development > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] ------------------------------------------------------- Robosoft Technologies - Partners in Product Development --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
