tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: Client Certificate -- All Authenticated Users
Date Tue, 08 Aug 2006 11:29:39 GMT
Joost.HELDENS@abvv.be wrote:
> The web.xml is configured in the following way to allow "all
> authenticated" user to do stuff. (To my knwoledge the * means all
> authenticated users, in my case users belonging to role1)

The "*" role does not mean all authenticated users. It means all users
with one or more roles that are defined in the this web.xml

> Is there a way to configure tomcat in such a way that, when tomcat
> accepts the client certificate, the user is automatically authenticated
> (and belongs to a default group) and the request.getUserPrincipal() is
> filled in with the relevant information from the certificate.

Sorry, no. Is setting clientAuth="true" (see
http://tomcat.apache.org/tomcat-5.5-doc/config/http.html) sufficient?

If not other options include:
- a custom realm
- a filter looking for javax.servlet.request.X509Certificate

HTH,

Mark

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message