[jboss-user] [Beginners Corner] - clietAuth only for specific location

[ameznaric]

How can i enable clientAuth only for specific location? I have a problem, because our application runs on https, and we have 2 login methods. 

1. Login:  Login using username and password
2. Login:  Login using password and certificate

Our main site must be view-able to all and then the user will login how ever he wants. 

My first test was with Apache and mod_jk - it worked great. I could specify a location for witch it should request a client cert - WORKS! 

My problem is here: We have our own login auth script and we only need a request for the client certificate - not verification and anything - that is done by our script (all our certificates are in the database). I have a keystore (server cert) and truststore (ca`s). When i enable clientAuth in tomcat connector it requests client cert for all connection to localhost:8443. I need a request for client cert only for localhost:8443/something-else/ 

Is this possible?

Thank you in advance, Alja?



View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4076777#4076777

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4076777