tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Vávra <>
Subject Two auth methods for one application
Date Thu, 02 Feb 2012 11:26:05 GMT
  I have implemented own realm. I extended RealmBase, overrided methods
(1) public Principal authenticate(X509Certificate[] certs),
(2) public Principal authenticate(String username, String credentials).

I have Tomcat 6 that runs behind Apache Server over AJP. In the 
situation (1) client connects to HOST1, Apache Server challenges for 
client certificate. In the situation (2)  client connects to HOST2. Both 
HOST1, HOST2 are configured to do a reverse proxy to /myapp on tomcat.
I am not able to configure tomcat to call both methods. In the myapp's 
web.xml I have
and tomcat calls the function (1). When I replace CLIENT-CERT for BASIC 
tomcat calls the function (2).
Is it possible to configure tomcat to call both variants of functions? 
I'd like to write something like <auth-method>CLIENT-CERT or 


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message