This content has been marked as final.
Show 1 reply
-
1. Re: SSL difference authentication scenarios
dejanmr Mar 10, 2010 11:07 AM (in response to nschweig)
When do I need clientAuth="true" and what does it mean if I use clientAuth="false"?
If I have only configured the webdeployer in JBoss is my authentication secure? And is the communication between JSF and EJB secure?
I hope the questions are not too dumb,,,,:-)
You can set up SSL so client can acces your server via https and be sure you are who you represent as.
But, if you set
clientAuth="true"
client is also requred to have certificate, and you have to thrust this certificate (to have certificate issuer in your trist store)
With
clientAuth="false"
Anyone can access your server (open pages, use web services, etc.)