tomcat-users mailing list archives

From Арсений Зинченко <setev...@gmail.com>
Subject Re: Using different SSL-connector settings for various Context
Date Tue, 04 Feb 2014 12:47:00 GMT
Yes, this is exactly what I want, and I saw this manual too.
But how do I specify different clientAuth= for different Contexts? I
found "SSL Authenticator
Valve<http://tomcat.apache.org/tomcat-7.0-doc/config/valve.html#SSL_Authenticator_Valve>"
- but there is nothing about how to do it... And I don't see any
possibility to do it with any other Context
options<http://tomcat.apache.org/tomcat-7.0-doc/config/context.html#Context_Parameters>...



2014-02-04 André Warnier <aw@ice-sa.com>:

> Арсений Зинченко wrote:
>
>> Hi.
>>
>> The task is to be able to use HTTP/HTTPS without clientAuth for ROOT, but
>> enable two-factor auth (clientAuth="true" and using trustedstore.jks) for
>> other Context.
>>
>> Can somebody please give any tips?
>>
>>
> I don't know much about SSL, but isn't the answer right here?
>
> http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support
>
> clientAuth
>
> Set to true if you want the SSL stack to require a valid certificate chain
> from the client before accepting a connection. Set to want if you want the
> SSL stack to request a client Certificate, but not fail if one isn't
> presented. A false value (which is the default) will not require a
> certificate chain unless the client requests a resource protected by a
> security constraint that uses CLIENT-CERT authentication.
>
> If I understand the above correctly, then setting clientAuth="false" in
> the Connector, and then requesting a CLIENT-CERT authentication only in
> your "other Context", should do the trick, no?
>
>
