Greg Charles wrote:Tim, can you be clearer about what's making you nervous? The process as I described it is using JavaEE standard security with client certificate validation. I'd like to understand more about what Anh is doing though. In particular, I don't understand how jars on the server are involved with the authentication. Which jars?
It look like this in the request body: targetUrl=null&username=<myUsername>&password=<CAC-myID>
Bill S. wrote:
Therefore, to be possess'd with double pomp,
To guard a title that was rich before,
To gild refined gold, to paint the lily,
To throw a perfume on the violet,
To smooth the ice, or add another hue
Unto the rainbow, or with taper-light
To seek the beauteous eye of heaven to garnish,
Is wasteful and ridiculous excess.
Tim Holloway wrote:Trust me. if you are launching a Tomcat with a 6.0.18 catalina.jar in it you are NOT running Tomcat 6.0.37. As I said, the core of Tomcat is the catalina jar. Everything else is just refinements.