tomcat-users mailing list archives

From Jason Brittain <jason.britt...@mulesource.com>
Subject Re: multiple truststores
Date Fri, 16 Oct 2009 17:40:07 GMT
Hi Aron.

You do not need two separate Tomcat instances for this.  In your server.xml
file, you'll notice that your HTTPS Connector elements are nested within a
Service element.  Also nested within the Service element is an Engine
element that in turn contains your Host(s) and Context(s), like this
(simplified):

<Server>
  <Service>
    <Connector port="443"/>
    <Connector port="444"/>
    <Engine>
      <Host name="yourhostname">
        <Context path="/webapp1"/>
        <Context path="/webapp2"/>
      </Host>
    </Engine>
  </Service>
</Server>

Tomcat matches up the Connectors with the Engine and the Engine's Hosts and
Contexts.  Tomcat also supports having more than one Service element in
server.xml, which means you can change the structure so that only one
connector is able to send requests to one webapp, like this:

<Server>
  <Service name="Catalina">
    <Connector port="443"/>
    <Engine>
      <Host name="yourhostname">
        <Context path="/webapp1"/>
      </Host>
    </Engine>
  </Service>
  <Service name="Catalina444">
    <Connector port="444"/>
    <Engine>
      <Host name="yourhostname">
        <Context path="/webapp2"/>
      </Host>
    </Engine>
  </Service>
</Server>

--
Jason Brittain
MuleSoft <http://www.mulesoft.com>


On Fri, Oct 16, 2009 at 8:02 AM, <tomcat@ehome.hu> wrote:

> Hi all,
>
> I am trying to get to work two web applications with client-side SSL
> Authentication.
> I have set up two connectors (port 443, 444) each with its own truststore.
>
> Everything works fine so far, only the last step is missing.
>
> People getting a connection through port 443 should only be able to use
> "Web Application 1".
> People getting a connection through port 444 should only be able to use
> "Web Application 2".
> How can I configure this?
>
> I hope I won't need to have two Tomcat instances running for this.
>
> Thank you and wish you nice WE,
> Aron Katona
>
>
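
Added example (not part of the original messages, and not Tomcat project code): a small check that reads a server.xml and reports which Context paths each Connector port can reach, so the single-Service and two-Service layouts from the reply can be compared. It assumes the truststore is set with the Connector's truststoreFile attribute next to clientAuth; the file names, the appBase values and the function names reachable/findings are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples; truststore paths and appBase values are placeholders.
SHARED = """<Server><Service name="Catalina">
  <Connector port="443" clientAuth="true" truststoreFile="conf/trust1.jks"/>
  <Connector port="444" clientAuth="true" truststoreFile="conf/trust2.jks"/>
  <Engine><Host name="yourhostname" appBase="webapps">
    <Context path="/webapp1"/><Context path="/webapp2"/>
  </Host></Engine>
</Service></Server>"""

SPLIT = """<Server>
<Service name="Catalina">
  <Connector port="443" clientAuth="true" truststoreFile="conf/trust1.jks"/>
  <Engine><Host name="yourhostname" appBase="webapps1"><Context path="/webapp1"/></Host></Engine>
</Service>
<Service name="Catalina444">
  <Connector port="444" clientAuth="true" truststoreFile="conf/trust2.jks"/>
  <Engine><Host name="yourhostname" appBase="webapps2"><Context path="/webapp2"/></Host></Engine>
</Service>
</Server>"""

def reachable(server_xml):
    """Map each Connector port to the Context paths it can route requests to."""
    routes = {}
    for svc in ET.fromstring(server_xml).iter("Service"):
        paths = sorted(c.get("path") for c in svc.iter("Context"))
        for conn in svc.findall("Connector"):
            routes[conn.get("port")] = paths
    return routes

def findings(server_xml):
    """List places where the layout does not enforce truststore separation."""
    out, bases = [], {}
    for svc in ET.fromstring(server_xml).iter("Service"):
        name = svc.get("name")
        stores = {c.get("truststoreFile") for c in svc.findall("Connector")}
        if len(stores) > 1:
            out.append(f"{name}: {len(stores)} truststores share one Engine")
        for host in svc.iter("Host"):
            base = host.get("appBase", "webapps")  # Tomcat's default appBase
            if base in bases:
                # Hosts sharing an appBase each deploy every app found in it.
                out.append(f"{name}: appBase {base!r} also used by {bases[base]}")
            bases.setdefault(base, name)
    return out
```

The appBase check is there because two Hosts pointing at the same directory would each deploy both applications, which would undo the split even with separate Service elements.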
