tomcat-users mailing list archives

From "Pid *" <>
Subject Re: Authentication and roles (RFE)
Date Fri, 17 Dec 2010 07:36:41 GMT
On 17 Dec 2010, at 00:37, Steve Mitchell <> wrote:

> I would like my Tomcat instance to authenticate different roles differently. E.g., admins must use SSL client auth, while regular users use HTTP basic authentication over SSL. This seems like a routine requirement, but it's unsupported in Tomcat 6 (or 7).

Look at the MultiRealm in the docs/svn.


> I have a workaround -- use an Apache reverse proxy for authentication. The disadvantages are that Tomcat roles are unavailable, and admin users and regular users connect to the same resource with different URLs.
> The ideal solution would be to use SSL with selectable client authentication. In this mode, HTTP basic authentication would be skipped if the client had already presented a valid SSL client certificate. Can Tomcat be made to do this?
>  --Steve