3 Replies Latest reply on Apr 26, 2017 6:55 AM by mchoma

    Install login cert module.

    fernan1

      Hello,

       

      I have an EAR with a WAR module.

       

      I need that some pages (index and others) have free access but others pages (profile) need a valid certificate to access them. I've been looking and I configure wildfly to use CLIENT-CERT but it always ask for certificate. How can I do that only ask for certificate in the pages that I want?

       

      Thanks!!

        • 1. Re: Install login cert module.
          mchoma

          I was thinking about same scenario couple of days ago, but could not find solution. Problem as I see is CLIENT-CERT is registered globally in web.xml for whole application.

          • 2. Re: Install login cert module.
            pjhavariotis

            In the JBossWeb configuration, there is an attribute called verify-client.

            Try to use CLIENT-CERT authentication in the web.xml and use verify-client=false.

            With this approach, you can secure certain pages in your application with client certificate authentication and at the same time your entire application will be accessed via TLS/SSL.

            • 3. Re: Install login cert module.
              mchoma

              secure certain pages in your application with client certificate authentication

              Question is how can be "certain" achieved. From my point of view, all or none could be confiugred in web.xml