Certificate and form login in one WAR

xmedeko Jun 23, 2009 10:43 AM

Hi,
is it possible to have in one WAR: one servlet protected by a certificate authentication and the another servlet protected by FORM authentication?

Thanks

1. Re: Certificate and form login in one WAR

jfclere Jun 24, 2009 3:26 AM (in response to xmedeko)
Yep just have 2 security-constraint in the web.xml one with:
<transport-guarantee>CONFIDENTIAL</transport-guarantee>

the other with something like:
<auth-constraint> <role-name>manager</role-name> </auth-constraint>
Actions
2. Re: Certificate and form login in one WAR

xmedeko Jun 24, 2009 3:45 AM (in response to xmedeko)

No, I do not mean transport CONFIDENTIAL, I mean client certificate authentication (CLIENT-CERT).

I.e. one servlet can be accesses only by a client with certain certificate (CLIENT-CERT) method, and another servlet accessed by user:password (FORM).

The servlet accessed by the CLIENT-CERT method is in fact accessed just by a Java Swing application, not by the browser. So I think I may code some solution, like that the Java app will send certificate in POST data.
Actions
3. Re: Certificate and form login in one WAR

jfclere Jun 24, 2009 4:36 AM (in response to xmedeko)

You can't have a multiple login-config in the web.xml of a webapp.
Actions
4. Re: Certificate and form login in one WAR

xmedeko Jun 24, 2009 4:49 AM (in response to xmedeko)

Hmm, yeah, thanks.
Actions
5. Re: Certificate and form login in one WAR

xmedeko Apr 23, 2010 6:35 AM (in response to xmedeko)

Finally, i have found this http://wiki.apache.org/tomcat/SSLWithFORMFallback
Actions

Go to original post