You can't do this with Tomcat alone. Client authentication is per webapp at best, or you can set it for the whole container in the server.xml Connector
element, whatever use that is.
If you need this per resource you can get it by using Apache HTTPD in front and having it terminate SSL. (It will still pass the client certificate in a header to Tomcat so that Tomcat can obey the Servlet specification about making it available to webapps.) You can then configure practically everything about SSL right down to the level of individual files. This also gives you all kinds of other goodies like load balancing.