Message-ID: <3E48CC50.7010206@loudcloud.com>
Date: Tue, 11 Feb 2003 05:11:28 -0500
From: Tony Dahbura
To: Tomcat Users List
Subject: help with client certificates

I am trying to configure my web application within Tomcat to require client certificates for certain areas. I am not concerned about what the certificate contains - only that it is a valid certificate (not expired).

I have the SSL piece working and when I use the connector option clientAuth="true" this makes my whole SSL session require certificates - which is not what I want. How can I configure the web.xml file to require certificates for only certain servlets/URLs of the webapp? Would like the same functionality of clientAuth="true" (which just checks the validity of the certificate but does not try to verify or see if the user is in a list somewhere) but at the URL/servlet level within the web.xml for the web app.

Another quick question is how can one force the user to have to select the cert again once inside the web application (simulate a logout). Does invalidating the session force this? Do not want the user to have to quit out of the browser.

Thanks,
Tony