On 17 Dec 2010, at 00:37, Steve Mitchell <[email protected]> wrote:
> I would like my Tomcat instance to authenticate different roles differently.
> E.g., admins must use SSL client auth, while regular users use HTTP basic
> authentication over SSL. This seems like a routine requirement, but it's
> unsupported in Tomcat 6 (or 7).

Look at the MultiRealm in the docs/svn.

p

> I have a workaround -- use an Apache reverse proxy for authentication. The
> disadvantages are that Tomcat roles are unavailable, and admin users and
> regular users connect to the same resource with different URLs.
>
> The ideal solution would be to use SSL with selectable client authentication.
> In this mode, HTTP basic authentication would be skipped if the client had
> already presented a valid SSL client certificate. Can Tomcat be made to do
> this?
>
> --Steve
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
