Hello,
I'm currently testing mutual authentication using CLIENT-CERT (I'm trying to make it work on the Hello.war example from the Quick Start Guide).
my web.xml is as follow:
<security-constraint>
<display-name>Security</display-name>
<web-resource-collection>
<web-resource-name>Security</web-resource-name>
<url-pattern>/hello</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>CLIENT-CERT</auth-method>
<realm-name>certificate</realm-name>
</login-config>
This method is completely ignored, no certificate are asked in the browser and the page loads normally... I tried to enable the Client Authentication option on the listener and it works (a certificate is asked in the browser and the page loads if select the right one).
So what am I missing here ?
regards,
Julian
[Message sent by forum member 'julian_d' (julian_d)]
http://forums.java.net/jive/thread.jspa?messageID=279977