[EMAIL PROTECTED] wrote: > The web.xml is configured in the following way to allow "all > authenticated" user to do stuff. (To my knwoledge the * means all > authenticated users, in my case users belonging to role1)
The "*" role does not mean all authenticated users. It means all users with one or more roles that are defined in the this web.xml > Is there a way to configure tomcat in such a way that, when tomcat > accepts the client certificate, the user is automatically authenticated > (and belongs to a default group) and the request.getUserPrincipal() is > filled in with the relevant information from the certificate. Sorry, no. Is setting clientAuth="true" (see http://tomcat.apache.org/tomcat-5.5-doc/config/http.html) sufficient? If not other options include: - a custom realm - a filter looking for javax.servlet.request.X509Certificate HTH, Mark --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]