From: Mark Thomas
Date: Tue, 08 Aug 2006 07:29:39 -0400
To: Tomcat Users List
Subject: Re: Client Certificate -- All Authenticated Users
Message-ID: <44D875A3.3070304@apache.org>
In-Reply-To: <4CC3CF747D868640AA1702496B696B617E591F@t00mse01.fed.diva.net>

Joost.HELDENS@abvv.be wrote:
> The web.xml is configured in the following way to allow "all
> authenticated" users to do stuff. (To my knowledge the * means all
> authenticated users, in my case users belonging to role1)

The "*" role does not mean all authenticated users. It means all users
with one or more roles that are defined in this web.xml.

> Is there a way to configure tomcat in such a way that, when tomcat
> accepts the client certificate, the user is automatically authenticated
> (and belongs to a default group) and the request.getUserPrincipal() is
> filled in with the relevant information from the certificate.

Sorry, no.

Is setting clientAuth="true" (see
http://tomcat.apache.org/tomcat-5.5-doc/config/http.html) sufficient?
If not, other options include:
- a custom realm
- a filter looking for javax.servlet.request.X509Certificate

HTH,

Mark
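
The filter option mentioned in the reply, sketched as an added example that is not part of the original message or of Tomcat itself. The class name `ClientCertPrincipalFilter` and the role name `cert-user` are assumptions chosen for illustration; the request attribute name is the one given in the reply.

```java
import java.io.IOException;
import java.security.Principal;
import java.security.cert.X509Certificate;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical filter: exposes the TLS client certificate subject through
// request.getUserPrincipal() and places every such user in one default role.
public class ClientCertPrincipalFilter implements Filter {
    // Assumed role name; it is not defined by Tomcat or by the thread.
    private static final String DEFAULT_ROLE = "cert-user";

    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (!(req instanceof HttpServletRequest)) {
            throw new ServletException("HTTP requests only");
        }
        // The container sets this attribute only when the client presented a
        // certificate during the TLS handshake on this connection.
        X509Certificate[] certs = (X509Certificate[])
                req.getAttribute("javax.servlet.request.X509Certificate");
        if (certs == null || certs.length == 0) {
            // Fail closed: no certificate means no principal and no access.
            ((HttpServletResponse) res).sendError(
                    HttpServletResponse.SC_FORBIDDEN, "Client certificate required");
            return;
        }
        // The first element of the chain is the certificate sent by the client.
        final Principal subject = certs[0].getSubjectX500Principal();
        HttpServletRequest wrapped =
                new HttpServletRequestWrapper((HttpServletRequest) req) {
            public Principal getUserPrincipal() { return subject; }
            public String getRemoteUser() { return subject.getName(); }
            public String getAuthType() { return HttpServletRequest.CLIENT_CERT_AUTH; }
            public boolean isUserInRole(String role) { return DEFAULT_ROLE.equals(role); }
        };
        chain.doFilter(wrapped, res);
    }
}
```

Container-managed `<security-constraint>` checks run before any filter, so this wrapper only serves application code that calls `request.getUserPrincipal()` or `isUserInRole()`; it does not satisfy an `<auth-constraint>` in web.xml. Which certificates are trusted is still decided by the connector's trust store, with `clientAuth="true"` making the handshake fail when no certificate is presented.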