2 Replies Latest reply on Jul 1, 2009 5:08 PM by Tomaz Cerar

    Seam 2.1.1 GA and Client Certificate

    Augusto Senerchia Newbie

      Hi, I'm trying to implement two different authentication methods in a simple web application developed with JBoss 4.2.3.GA and Seam 2.1.1.GA One method uses the standard form based login (redirect to a login.seam page) while the other one uses the data contained in the client certificate (and the user is redirected to crslogin.seam to automate the login). In both case I'would like to leverage Seam Seam security to avoid plain J2EE security.


      For the client certificate, I'm not able to read the X509 attribute from the HTTPServletRequest, even if I disable the web:identity-filter (according to
      https://jira.jboss.org/jira/browse/JBSEAM-3629).


      Do you think it is possible to use Seam security and, at the same time intercept the data contained in the client certificate?


      At the moment, I've successfully made the mutual authentication work, but I failed in reading the certificate.


      Do you have some links to relevant doucmentation or an alternate solution?


      Thanks, Agus.