tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Authentication from the browser
Date Thu, 04 Jun 2009 16:39:30 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Alec,

On 6/3/2009 12:25 PM, Alec Swan wrote:
> Bill, thank you for your feedback. I read up on CLIENT-CERT and am now
> surprised that Bill was the only one to mention it. It sounds like
> CLIENT-CERT is the scheme that we should. We can generate certificates and
> ask our customer to distribute it to its users and have them install
> certificates in their browsers.
> 
> Is there a reason why not many people recommended CLIENT-CERT authentication
> on this thread?

We assumed that your stated requirements were accurate. A second
application deployment didn't seem like an option. Note that CLIENT-CERT
cannot be used alongside BASIC/DIGEST or FORM authentication within the
same application: you'll need to deploy the application twice, each with
a different authentication scheme.

Of course, there are ways to do this with code if you follow my
suggestion of having a service-only URL available that handles
authentication differently than the rest of the application.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkon+MIACgkQ9CaO5/Lv0PA0xwCeLSgL5zcnwsHfYof6+KcXYjlc
EzkAoML3rgGqMVh9pJDU51QqUph6yLVQ
=64oX
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message