Hi, I work on an java web-app running on Tomcat 7. The entire application is required be doing SSL on port 443 (everything is accessed via https://). Two different login options are given to the user : username/password or client certificate authentication. We employ application-managed security as opposed to contain-manage (i.e. we don't use realms). I have the following connector in my server.xml :
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" keystoreFile="d:\certs\server_cert.jks" keystorePass="changeit" truststoreFile="d:\certs\truststore.jks" truststorePass="changeit" clientAuth="true" sslProtocol="TLS" /> This forces mutual authentication on anything I try to access using https. How can I configure tomcat so that only specific links (a specific struts action for example) would require mutual authentication or how can I exclude from the mutual authentication. Thanks, Sanjeev.