Hi, SSL stuff happens before any actual HTTP data is sent. It not possible to see request's URL at this stage.
Dima Tuesday, March 6, 2007, 3:29:15 PM, you wrote: JAA> Hello, JAA> I try to implement a custom client certificate authentication, that does JAA> some complicated LDAP-lookups in the background and gives an authenticated JAA> value with request.getRemoteUser() back to the applications. JAA> Peeking through the jcifs source, I chose to implement a filter. This JAA> works,but I'd like to limit the areas where the tomcat-SSL Connector asks JAA> for a SSL-Clientauthentication. JAA> I configured the connector with clientAuth="false" and tried to force SSL JAA> client authentication within the applications web.xml with: JAA> <security-constraint> JAA> <web-resource-collection> JAA> <web-resource-name>Zugriffsschutz</web-resource-name> JAA> <url-pattern>/secure/*</url-pattern> JAA> </web-resource-collection> JAA> <user-data-constraint> JAA> <transport-guarantee>CONFIDENTIAL</transport-guarantee> JAA> </user-data-constraint> JAA> </security-constraint> JAA> <login-config> JAA> <auth-method>CLIENT-CERT</auth-method> JAA> </login-config> JAA> But this does not make the connector ask for a client certificate. How do I JAA> make the connector ask for it? (clientAuth="true" in the connectors JAA> configuration works, but limits the access of all pages to users that have JAA> client certs). JAA> I'm using tomcat 5.5.20. JAA> Regards, JAA> Alexander Jung -- Best regards, Dima mailto:[EMAIL PROTECTED] --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]