Hi
On 01/06/14 23:31, Penmatsa, Vinay wrote:
Hi,
Is it possible to do custom client authentication using CertConstraintsFeature
with CXF application deployed in tomcat?
Basically, tomcat is configured with SSL. But instead of tomcat doing client auth
for all endpoints, I want to configure it for each service defined in my xml
(<jaxrs:server).
Looks like so, CertConstraintsInterceptor will enforce the constraints,
it appears to work for a case where the client certificate
authentication is required. Tomcat still needs to do the authentication
though, the feature can be then used to restrict which clients can use
to access the given endpoint. I'm not sure you can configure Tomcat to
simply record the client certificate and let the request continue...
Cheers, Sergey
-Vinay
