users@glassfish.java.net

double layered client authentication

From: <glassfish_at_javadesktop.org>
Date: Mon, 03 Mar 2008 04:16:41 PST

Hallo,

I am trying to do a double layered client authentication using client certificates and HTTP Authentication. (without using WSIT)

I tried the following way,

Set the client-auth="true" for the https service and had set the Login configuration to "Basic with jdbcRealm". So when browser pointed to the url, the client certificate was requested and after that server login dialog appear.

so far so good.

But this comes to the point, where for all the other deployed applications, for example, plain SSL enabled applications were denied access for clients which came with no certificates.

Is there any way to enable "CLIENT-CERT" and also "Basic using realms" feature for a single web application without enabling client-auth for the entire https-service ?

Thanks
[Message sent by forum member 'balsmn' (balsmn)]

http://forums.java.net/jive/thread.jspa?messageID=261972
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.