Hi everyone! I have an application based on servlets, and two different authentication mechanisms. The user can be authenticated with client certificate(CERT-CLIENT), if there is a client certificate installed on the web browser. And can be authenticated using an HTML form(FORM) if the first method doesnt authenticate the user. My problem is that Im able to authenticate a user, using the Subject Distinguished Name as a username on HTML form, without a password.
I found a solution that might be right, but a have a question about that: Can I configure different Reamls to use on differents authentications mechanisms in the same application? Regards from Braga, Portugal Bárbara Vieira
