tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <>
Subject Re: Activating clientAuth for just one servlet
Date Thu, 13 Feb 2003 09:25:23 GMT
Assuming that no other servlet in the webapp requires authentication, then
you can remove the 'clientAuth' from the Connector.  Then set up a:

Tomcat (at least 4.1.18 and higher) will then request the client cert only
when accessing MyServlet.

The above only applies to Tomcat Stand-Alone.  If you are running behind
Apache, then you need to request the cert using the standard Apache options
in a <Location> tag.
"Peter Boevink" <> wrote in message

I'm using tomcat 4.1 and have several servlets running on it.
Now I have one servlet that needs client authentication (SSL).
I do not want all servlets to force client authentication but only that
perticular one.
All other servlets will use SSL.

Tomcat is now configured to use SSL and clientAuth, which works fine.
But all servlets requested now need a client certificate, is there a way to
activate clientAuth only for one servlet?

Thank, Peter

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message