Christopher Schultz a écrit :
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
David,
From outside however, we want to force authentification on all the
webapp. So we would like to have a security-constraint on / that
applies *only* when webapp is reached using SSL connector.
You might be able to avoid the entire problem by using a VPN. Is that an
acceptable change in strategy?
Hoooo no :) VPN means installing and maintaing a vpn server + installing
vpn on clients at their home. This is a bit annoying when what you want
is make available to users general documents they might need when not at
office. And i know the answer would be like "No need, there is already
the absolutely unfriendly ssh connection + port forwarding + point your
browser to 127.0.0.1"
What about client certificates? I think
you're going to seriously complicate your application to add this
requirement.
Cleint certificates means managing those certificate, that is something
to avoid considering its along the lines of "maintaining a set of
authentification token seperated from the general authentification
database already in use by other non-java applications"
Thanks for suggestions but it's not applicable easily in our environment.
- -chris
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]