'How to require client certificate authentication in only specific java servlets?
I am trying to create a java servlet application that requires client certificate authentication, but only on specific pages. I would like to have a landing page that doesn't require any sort of authentication which will have a link/button to go to a page that does require authentication. Is there a way to do this?
I am using OpenLiberty as the servlet container. I am familiar with using ClientAuthenticationSupported="true" (in server.xml), but I do not want the user prompted to select a certificate until they reach a certain page. I have also looked at HttpServletRequest, but don't see a way to force a specific type of authentication with the available methods.
I want the user to be prompted like they would be visiting prod.idrix.eu/secure. Is there a way to set a servlet's authentication type programmatically to accomplish this? Any help would be appreciated. I think this can be done using two different applications (one that does not require authentication and one that does), but I would like to keep it all as one.
Thanks.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|