In web.xml of a war file I’m forcing ssl to be used for a particular servlet.
Tomcat has been configured for client authentication.
<!-- Force SSL for entire site -->
<security-constraint>
<web-resource-collection>
<web-resource-name>RUSA
Authentication</web-resource-name>
<url-pattern>/ClientCertSignServlet</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>CLIENT-CERT</auth-method>
<realm-name>Client Cert Users-only Area</realm-name>
</login-config>
When I try to access the servlet (using http url) , it immediately returns 302
permanently moved. It is supposed to ask the user to choose a certificate from
the list of available certificates in the browser cert store and use it for
client authentication. How to get it working?
Thanks
Kannan