Is there a way to configure Tomcat to allow/disallow access to a web application based on the common name (CN) in an SSL client certificate? I can set "clientAuth=true" in the server.xml, which works fine, and I know I can read the certificate once I'm "in" the web application, but I'm looking for a way to do this before Tomcat passes the request on to the web application.
i.e. I'm looking for something analogous to the mod_ssl directives like "SSLRequire", "SSLVerifyDepth", etc. Any ideas? Is this type of thing supported in Tomcat 3? 4? Neither? The SSL docs are great from a server perspective but I couldn't find much that's client-related. Thanks for any input! Greg Bailey [EMAIL PROTECTED] -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>