Thanks for the reply, i tried adding the auth-constraint to my web.xml but the page still loads normally...I also deleted the http-method element like you suggested, my web.xml now looks like this:
<security-constraint>
<display-name>Security</display-name>
<web-resource-collection>
<web-resource-name>WRCollection</web-resource-name>
<url-pattern>/hello</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>Admin</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>CLIENT-CERT</auth-method>
</login-config>
<security-role>
<role-name>Admin</role-name>
</security-role>
Is there anything I should have set in the glassfish admin page ?
[Message sent by forum member 'julian_d' (julian_d)]
http://forums.java.net/jive/thread.jspa?messageID=280112