tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tony Dahbura <>
Subject help with client certificates
Date Tue, 11 Feb 2003 10:11:28 GMT
I am trying to configure my web application within tomcat to require 
client certificates for certain areas.  I am not concerned about what 
the certificate contains-only that it is a valid certificate (not 

I have the ssl piece working and when I use the connector option 
clientAuth="true" this makes my whole ssl session require 
certificates-which is not what I want.  

How can I configure the web.xml file to require certificates for only 
certain servlets/urls of the webapp?  

Would like the same functionality of clientAuth="true" (which just 
checks the validity of the certifiicate but does not try to verify or 
see if the user is in a list somewhere) but at the url/servlet level 
within the web.xml for the web app.

Another quick question is how can one force the user to have to select 
the cert again once inside the web application (simulate a logout). 
 Does invalidating the session force this?  Do not want the user to have 
to quit out of the browser.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message