tomcat-users mailing list archives

From "Pid *" <...@pidster.com>
Subject Re: Authentication and roles (RFE)
Date Fri, 17 Dec 2010 07:36:41 GMT
On 17 Dec 2010, at 00:37, Steve Mitchell <mitchell@intertrust.com> wrote:

> I would like my Tomcat instance to authenticate different roles differently.  E.g., admins must use SSL client auth, while regular users use HTTP basic authentication over SSL.  This seems like a routine requirement, but it's unsupported in Tomcat 6 (or 7).

Look at the MultiRealm in the docs/svn.


p

>
> I have a workaround -- use an Apache reverse proxy for authentication.  The disadvantages are that Tomcat roles are unavailable, and admin users and regular users connect to the same resource with different URLs.
>
> The ideal solution would be to use SSL with selectable client authentication.  In this mode, HTTP basic authentication would be skipped if the client had already presented a valid SSL client certificate.  Can Tomcat be made to do this?
>
>  --Steve
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
