[jboss-user] [Security & JAAS/JBoss] - Combine FORM and CLIENT-CERT authentication
lujop
do-not-reply at jboss.com
Tue Feb 6 11:56:46 EST 2007
Hello,
In our application we want to try to authenticate users first with a client certificate and if it isn't possible use a typical user/password form.
The problem is that I don't know how to do that in the web.xml because in the <login config> of webm.xml I can only set one auth-method (see at the end).
The documentation says:
anonymous wrote : You can chain together multiple LoginModules to allow for more than one authentication technology to participate in the authentication process. For example, one LoginModule may perform username/password-based authentication, while another may interface to hardware devices such as smart card readers or biometric authenticators.
And its true, I can have multiple loginmodules without problem. But in the web.xml how can I combine certificates with user/password?
Code from web.xml:
| <login-config>
| <auth-method>CLIENT-CERT</auth-method>
| <realm-name>xclinicportal</realm-name>
| <form-login-config>
| <form-login-page>/jsp/login.jsp</form-login-page>
| <form-error-page>/jsp/login.jsp?errorLogin=1</form-error-page>
| </form-login-config>
|
| </login-config>
|
|
A lot of thanks in advance
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4012030#4012030
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4012030
More information about the jboss-user
mailing list