If you wish to do that then you will need to write a JSR 196 SAM and plug it in with your.
http://docs.oracle.com/cd/E18930_01/html/821-2435/gkkyv.html
https://blogs.oracle.com/monzillo/entry/pluggable_authentication_in_the_glassfish
On Jan 28, 2013, at 12:18 AM, Mo Maison wrote:
>
> Hello glassfish users,
>
> I would like to use the same URL with two methods
> of authentication : client certificate, and if none is supplied
> then basic http.
> However, this seems impossible to do since if the URL
> is defined as CLIENT_CERT, then if client does not supply
> its certificate, request process is aborted by glassfish
> before it reaches application code (where a filter could
> handle basic authentication).
>
> I am aware of the following optional certificate feature
> http://java.net/jira/browse/GLASSFISH-6935
> and thought it would solve my problem.
> However the main drawback is that this is defined on the
> connector itself, and is thus common to all URLs : on the
> client side, it triggers a certificate choice popup (or password
> credentials on java webstarts) even on unauthenticated
> URLs. This is not an option.
>
> Would it be possible to do a per-url optional certificate,
> may be by defining several login methods in web.xml or so.
> Any advice on this topic will be appreciated, even if this is
> glassfish/grizzly specific.
>
> I have also considered JSR-196, but could not figure out
> if this may solve my problem or not.
> I use GF 3.1.2.2
>
> Regards,
>
> M .Maison