Hi,

SSL stuff happens before any actual HTTP data is sent.
It is not possible to see the request's URL at this stage.

Dima

Tuesday, March 6, 2007, 3:29:15 PM, you wrote:

JAA> Hello,
 
JAA> I try to implement a custom client certificate authentication, that does
JAA> some complicated LDAP-lookups in the background and gives an authenticated
JAA> value with request.getRemoteUser() back to the applications.
 
JAA> Peeking through the jcifs source, I chose to implement a filter. This
JAA> works, but I'd like to limit the areas where the tomcat-SSL Connector asks
JAA> for a SSL-Clientauthentication.
 
JAA> I configured the connector with clientAuth="false" and tried to force SSL
JAA> client authentication within the applications web.xml with:

JAA>    <security-constraint>
JAA>            <web-resource-collection>
JAA>                    <web-resource-name>Zugriffsschutz</web-resource-name>
JAA>                    <url-pattern>/secure/*</url-pattern>
JAA>            </web-resource-collection>
JAA>            <user-data-constraint>
JAA>                    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
JAA>            </user-data-constraint>
JAA>    </security-constraint>

JAA>    <login-config>
JAA>            <auth-method>CLIENT-CERT</auth-method>
JAA>    </login-config>
 
JAA> But this does not make the connector ask for a client certificate. How do I
JAA> make the connector ask for it? (clientAuth="true" in the connector's
JAA> configuration works, but limits the access of all pages to users that have
JAA> client certs).

JAA> I'm using tomcat 5.5.20.

JAA> Regards,
JAA> Alexander Jung



-- 
Best regards,
 Dima                            mailto:[EMAIL PROTECTED]
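
Added example, not part of the original thread or of Tomcat's code: because the handshake cannot see the URL, one arrangement is to have the connector request a certificate from every client without requiring it, and to enforce the requirement per URL in the filter. It assumes the connector is set to clientAuth="want" and the filter is mapped to /secure/*; the class name ClientCertFilter and the lookupUser helper (standing in for the LDAP lookup) are hypothetical.

```java
import java.io.IOException;
import java.security.cert.X509Certificate;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical filter, mapped to /secure/* in web.xml. Assumes the SSL
// connector uses clientAuth="want", so a certificate is requested (but not
// required) during the handshake, before any URL is known.
public class ClientCertFilter implements Filter {

    public void init(FilterConfig config) {}

    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Standard servlet attribute: present only when the client sent a
        // certificate that the connector accepted during the handshake.
        X509Certificate[] certs = (X509Certificate[])
                request.getAttribute("javax.servlet.request.X509Certificate");

        // Fail closed: no TLS or no certificate means no access to this area.
        if (!request.isSecure() || certs == null || certs.length == 0) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN,
                    "Client certificate required");
            return;
        }

        // certs[0] is the client's own certificate; the rest is its chain.
        final String user = lookupUser(certs[0]);
        if (user == null) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "Unknown certificate");
            return;
        }

        // Expose the mapped identity to the application via getRemoteUser().
        chain.doFilter(new HttpServletRequestWrapper(request) {
            public String getRemoteUser() { return user; }
        }, response);
    }

    // Placeholder for the directory lookup: returns the subject DN as the user
    // name. A real implementation would return null for unmapped certificates.
    private String lookupUser(X509Certificate cert) {
        return cert.getSubjectX500Principal().getName();
    }
}
```

With this arrangement, clients without a certificate can still reach pages outside /secure/*, and browsers may prompt for a certificate on the first connection regardless of the URL requested.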


