On 18/02/2010 00:24, Kevin Mills wrote: <snip/> > <servlet-mapping> > <servlet-name>MyServlet</servlet-name> > <url-pattern>/myServlet</url-pattern> > </servlet-mapping>
<snip/> > <security-constraint> > <web-resource-collection> > <web-resource-name>MyApp</web-resource-name> > <url-pattern>/index.jsp</url-pattern> > </web-resource-collection> > <auth-constraint> > <role-name>X509</role-name> > </auth-constraint> > </security-constraint> > <security-constraint> > <web-resource-collection> > <web-resource-name>Everything</web-resource-name> > <url-pattern>/*</url-pattern> > </web-resource-collection> > <user-data-constraint> > <transport-guarantee>CONFIDENTIAL</transport-guarantee> > </user-data-constraint> > </security-constraint> > <login-config> > <auth-method>CLIENT-CERT</auth-method> > </login-config> <snip/> > :-) "Doesn't work", meaning I don't get prompted for my certificate. > I see my servlet's output without any sort of authentication. What URL are you requesting? Only index.jsp will prompt for a cert. Your servlet will just require SSL to be used. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org