[jboss-user] [Security & JAAS/JBoss] - Combine FORM and CLIENT-CERT authentication

Hello, In our application we want to try to authenticate users first with a client certificate and if it isn't possible use a typical user/password form. The problem is that I don't know how to do that in the web.xml because in the <login config> of webm.xml I can only set one auth-method (see at the end). The documentation says: anonymous wrote : You can chain together multiple LoginModules to allow for more than one authentication technology to participate in the authentication process. For example, one LoginModule may perform username/password-based authentication, while another may interface to hardware devices such as smart card readers or biometric authenticators. And its true, I can have multiple loginmodules without problem. But in the web.xml how can I combine certificates with user/password? Code from web.xml: | <login-config> | <auth-method>CLIENT-CERT</auth-method> | <realm-name>xclinicportal</realm-name> | <form-login-config> | <form-login-page>/jsp/login.jsp</form-login-page> | <form-error-page>/jsp/login.jsp?errorLogin=1</form-error-page> | </form-login-config> | | </login-config> | | A lot of thanks in advance View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4012030#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...