...
Note: Tested with Tomcat 5.5.17, 5.5.20 and 5.5.25
See also:
SSL Client Authentication (sometimes also known as "Client Certificate" authentication) uses the SSL protocol to authenticate clients based on a X509 Certificate. Normally this is accomlished accomplished by configuring SSL in Tomcat, and then configuring the Web Application's security descriptor to use "CLIENT-CERT" as the auth-method in the login-config section.
...
In trying to implement this, we found the only "standard conformant" solution was to install the web application multiple times with different authentication configurations. This solution was very unsatisfactory for us, as it leads to a duplication of services, and the serives services are accessible under different URLs/Ports depending on the desired security level. That just wasn't what we wanted.
...
Should you have questions about the code, please feel free to contact me (the Author) at: runger -AT- aon.at
...