For most browsers, this won't really work. Most browsers treat CLIENT-CERT login the same way that they treat BASIC, so once they have authenticated, they won't ask the user again, and just re-send the same credentials. It is easy enough to write a Valve to do this, but as I said, it won't work the way you want it to. As such, I'd be against including it in Tomcat unless you can write such a Valve and show that it works.
"atul" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] I was wondering if a feature to achieve SSL "logout" would make it in here too ! SSL Logout : Provide a way to session-tear-off/logout for an authenticated session using X509Certificate based client/mutual SSL. So that when the user tries to access a protected resource again without closing the browser (user agent), the server re-negotiates ssl and ask for client certificate. I was not able to find this in any of Tomcat 4.x, 5.x Or 6.x. This would be great feature and I know quiet a few people are looking for it. Thanks A t u l ----- Original Message ---- From: Filip Hanik - Dev Lists <[EMAIL PROTECTED]> To: Tomcat Developers List <dev@tomcat.apache.org> Sent: Monday, August 6, 2007 10:36:24 PM Subject: 6.x feature wishlist I wanted to start a wish list of what we can move forward with, here is a short list of items that I had in mind as a starter 1. Session replication - stateless backup location Store the backup location of a session as part of the sessionId, similar to the jvmRoute but opposite. This way, you can scale a cluster horizontally, since the location of the backup node doesn't have to be known until you fail over. 2. Add a block/no-block parameter to InputFilter.doRead and OutputFilter.doWrite InputFilter -> public int doRead(ByteChunk chunk, Request unused, boolean block) throws IOException; OutputFilter -> public int doWrite(ByteChunk chunk, Response unused, boolean block) throws IOException; Servlet 3.0 will most likely expose non blocking read/write through the servlet API, this will get us there ahead of time Haven't thought of how we expose this API yet though, but more will follow 3. Consolidate connector code Currently we have Http11Processor/Http11NioProcessor/Http11AprProcessor doing almost the same thing, there is much that can be consolidated to make the code more maintainable Essentially, you create a Endpoint base line interface. At the same time we could consolidate the Internal(In/Out)put buffers as they are copies too. We have some fairly tuned endpoints now, it would also be nice to make these protocol agnostic. 4. Startup -> server.xml warnings If one enters an invalid element or attribute that is simply ignored today, at least output an info or warn message letting the admin know if its misconfiguration. 5. Finish bayeux -> I started this in sandbox, took me a while to understand the protocol, and its not as cool as I thought it would be but I still feel its important for it to be part of Tomcat 6. Auto context logging Automatically create loggers for each context, so that one doesn't have to specify one per context in logging.properties Of course, you can turn on/off the auto context logger through logging.properties 7. File cache - use MappedByteBuffers for the file cache, that way the send file operation can benefit even more when you have two direct buffers, and you also avoid reading the disk each time for a file ideas on this came from Jeanfrancois Arcand. (http://fisheye5.cenqua.com/browse/glassfish/appserv-http-engine/src/java/com/sun/enterprise/web/connector/grizzly/FileCache.java?r=1.21) 8. Add getName()/setName() to the WebappClassLoader, name of the web app classloader will correspond to the one of the Context container Applications like Terracotta or AOP apps can much easier plug in and be able to share data when they know what loader the class came from 9. Add the configuration option to start the connectors after all apps are deployed If some applications are taking long to startup, load balancers are already trying to send requests to the Tomcat instance, which is just bound to a port, but not yet taking requests 10.Turn our embedded thread pools into Tomcat Executor thread pools, same performance but pluggable. Instead of having them hidden in the end point code 11.Timestamps & System.currentTimeMillis System.currentTimeMillis is invoked everywhere during the chain of events for a HTTP requests, even though most dates only need precision down to the second. I've received feedback that this could be improved by keeping a time service, that updates a timestamp every second, and therefor reduces the number of system calls I think we would need to prove the theory before committing to the implementation, but that should be pretty easy 12.Comet sample webapp While most folks want to start with Comet, it is a strange question, tons of users on the user list just are having a hard time getting kick started I was thinking we can keep this list on Wiki or in a text file in SVN, http://wiki.apache.org/tomcat/6xFeatures thoughts Filip --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] ____________________________________________________________________________________ Fussy? Opinionated? Impossible to please? Perfect. Join Yahoo!'s user panel and lay it on us. http://surveylink.yahoo.com/gmrs/yahoo_panel_invite.asp?a=7 --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
