either basic or form-based authentication. It uses HTTP over SSL (HTTPS), in which the
server authenticates the client using the client's public key certificate. SSL technology
provides data encryption, server authentication, message integrity, and optional client
authentication for a TCP/IP connection. You can think of a public key certificate as the
digital equivalent of a passport. The certificate is issued by a trusted organization, a certificate
authority (CA), and provides identification for the bearer.
Before using client authentication, make sure the client has a valid public key certificate.
For more information on creating and using public key certificates, read “Working with
Digital Certificates” on page 311.
The following example shows how to declare client authentication in your deployment
descriptor:
<login-config>
    <auth-method>CLIENT-CERT</auth-method>
</login-config>
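A fuller descriptor, as an added example that is not from the original text: `<login-config>` only selects the mechanism, so a `<security-constraint>` is what makes the container require a certificate for a given path. The Servlet 3.0 schema, the `/secure/*` path, and the `partner` role are assumptions chosen for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Assumption: Servlet 3.0 schema; use the namespace/version your container targets. -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
                             http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         version="3.0">

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Protected Area</web-resource-name>
            <!-- Hypothetical path. No <http-method> is listed on purpose:
                 naming methods would leave every unlisted method unprotected. -->
            <url-pattern>/secure/*</url-pattern>
        </web-resource-collection>

        <!-- Without an auth-constraint the container never asks for
             authentication, whatever login-config says. -->
        <auth-constraint>
            <role-name>partner</role-name>
        </auth-constraint>

        <!-- Force HTTPS; a client certificate can only be presented
             during the SSL handshake. -->
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <!-- Authenticate the caller by its public key certificate. -->
    <login-config>
        <auth-method>CLIENT-CERT</auth-method>
    </login-config>

    <!-- Hypothetical role. How a certificate subject maps to this role
         is configured in the container, not in this file. -->
    <security-role>
        <role-name>partner</role-name>
    </security-role>
</web-app>
```

The server's HTTPS listener must also trust the CA that issued the client certificates; that truststore setup is container-specific and lives outside the deployment descriptor.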
Mutual Authentication
With mutual authentication, the server and the client authenticate each other. Mutual
authentication is of two types:
• Certificate-based (see Figure 19-1)