example in Chapter 5
WS-Security can be used with
by using the Metro packages. WS-Security is easier under GlassFish
precisely because the current Metro release is part of the GlassFish
distribution. This section illustrates the point.
The first example focuses on peer authentication using digital certificates.
In a typical browser-based web application, the browser challenges the web server to authenticate itself when the browser tries to establish an HTTPS connection with the server. As discussed earlier in Chapter 5, the web server typically does not challenge the client. For instance, the default behavior of Tomcat is not to challenge a client. GlassFish ...