You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/modules/ROOT/pages/servlet/authentication/x509.adoc
+3-5
Original file line number
Diff line number
Diff line change
@@ -8,14 +8,12 @@ The browser automatically checks that the certificate presented by a server has
8
8
You can also use SSL with "`mutual authentication`". The server then requests a valid certificate from the client as part of the SSL handshake.
9
9
The server authenticates the client by checking that its certificate is signed by an acceptable authority.
10
10
If a valid certificate has been provided, it can be obtained through the servlet API in an application.
11
-
The Spring Security X.509 module extracts the certificate by using a filter.
12
-
It maps the certificate to an application user and loads that user's set of granted authorities for use with the standard Spring Security infrastructure.
13
-
14
-
You can also use SSL with "`mutual authentication`". The server then requests a valid certificate from the client as part of the SSL handshake.
15
-
The server authenticates the client by checking that its certificate is signed by an acceptable authority.
16
11
For example, if you use Tomcat, you should read the https://tomcat.apache.org/tomcat-10.1-doc/ssl-howto.html[Tomcat SSL instructions].
17
12
You should get this working before trying it out with Spring Security.
18
13
14
+
The Spring Security X.509 module extracts the certificate by using a filter.
15
+
It maps the certificate to an application user and loads that user's set of granted authorities for use with the standard Spring Security infrastructure.
16
+
19
17
20
18
== Adding X.509 Authentication to Your Web Application
21
19
Enabling X.509 client authentication is very straightforward.
0 commit comments