After searching for a while I could not figure out how to implement the following scenario:
1. User is authenticated by his certificate, AND 2. User is authenticated by using the login form.
It doesn't work if I chain BaseCertLoginModule and DatabaseServerLoginModule: if I specify CLIENT-CERT as the auth-method in web.xml, then login form is not shown and authentication fails (no place to take name and password from). If I specify FORM as the auth-method, then authentication fails as the certificate is not provided for the BaseCertLoginModule.
Is it possible to check the certificate and show the login form (later I would like to check if username from the form is the same as the name from the certificate)?