Hi,
I work on an java web-app running on Tomcat 7. The entire application is
required be doing SSL on port 443 (everything is accessed via https://). Two
different login options are given to the user : username/password or client
certificate authentication. We employ application-managed security as opposed
to contain-manage (i.e. we don't use realms). I have the following connector
in my server.xml :
<Connector port="443"
protocol="HTTP/1.1"
SSLEnabled="true"
maxThreads="150"
scheme="https"
secure="true"
keystoreFile="d:\certs\server_cert.jks"
keystorePass="changeit"
truststoreFile="d:\certs\truststore.jks"
truststorePass="changeit"
clientAuth="true"
sslProtocol="TLS" />
This forces mutual authentication on anything I try to access using https. How
can I configure tomcat so that only specific links (a specific struts action
for example) would require mutual authentication or how can I exclude from the
mutual authentication.
Thanks,
Sanjeev.
