Using Client Certificates for Authentication

There are at least two ways to use client certificates for authentication, but only one is likely to be supported by most servlet engines. The safest way to do certificate authentication is to set the authentication method in the <auth-method> tag to CLIENT-CERT.

After the client has been authenticated, you can access the java.security.Principal object that represents the user by calling getUserPrincipal.
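As an added illustration (not code from the book), the servlet below shows the container-managed approach end to end: the descriptor in the leading comment selects CLIENT-CERT, and the servlet refuses to proceed unless the container reports a certificate-authenticated principal. The servlet name, the `/whoami` URL pattern and the `certuser` role are hypothetical, and the `CLIENT_CERT_AUTH` constant assumes a Servlet 2.3 or later container.

```java
// Added example; WhoAmIServlet, /whoami and the certuser role are hypothetical.
// Assumed WEB-INF/web.xml fragment for this servlet:
//
//   <security-constraint>
//     <web-resource-collection>
//       <web-resource-name>Protected</web-resource-name>
//       <url-pattern>/whoami</url-pattern>
//     </web-resource-collection>
//     <auth-constraint><role-name>certuser</role-name></auth-constraint>
//     <user-data-constraint>
//       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
//     </user-data-constraint>
//   </security-constraint>
//   <login-config><auth-method>CLIENT-CERT</auth-method></login-config>
//   <security-role><role-name>certuser</role-name></security-role>

import java.io.IOException;
import java.io.PrintWriter;
import java.security.Principal;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class WhoAmIServlet extends HttpServlet {
    protected void doGet(HttpServletRequest req, HttpServletResponse res)
            throws ServletException, IOException {
        Principal user = req.getUserPrincipal();

        // Fail closed: a null principal or a different auth type means the
        // container did not authenticate this request with a certificate
        // (for example, the constraint does not cover this URL).
        if (user == null
                || !HttpServletRequest.CLIENT_CERT_AUTH.equals(req.getAuthType())) {
            res.sendError(HttpServletResponse.SC_FORBIDDEN,
                          "Client certificate authentication required");
            return;
        }

        res.setContentType("text/plain");
        PrintWriter out = res.getWriter();
        // The principal name is chosen by the container, usually derived
        // from the certificate subject.
        out.println("Authenticated as: " + user.getName());
        out.println("In role certuser: " + req.isUserInRole("certuser"));
    }
}
```

How a certificate subject is mapped to a principal and to roles is container-specific and is configured in the servlet engine, not in web.xml.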

Note

Because certificate authentication is rarely used in typical applications, you might have difficulty finding a servlet engine that supports certificate authentication.

Your second option is to not use the normal authentication mechanism and go back to checking authentication manually, like ...
