Sun Java System Web Server 6.1 SP7 Programmer's Guide to Web Applications


The certificate realm supports SSL authentication. The certificate realm sets up the user identity in Sun Java System Web Server's security context and populates it with user data from the client certificate. The J2SE containers then handle authorization processing based on each user's DN from his or her certificate. The certificate realm has the following configuration characteristics:

You can add the following optional property to tailor the certificate realm behavior:

When you deploy an application, you must specify CLIENT-CERT as the authentication mechanism in the web.xml file as follows:


You must obtain a client certificate and install it in your browser to complete the setup for client certificate authentication. For details on how to set up the server and client certificates, see the Sun Java System Web Server 6.1 SP7 Administrator’s Guide.

You can configure the server instance for SSL authentication in these ways:

Note –

In most cases, it is not necessary to configure a certificate realm in server.xml when using CLIENT-CERT authentication in web applications. Since the CLIENT-CERT authentication method inherently implies certificate-based authentication, Sun Java System Web Server will internally use a certificate realm even if one is not configured in server.xml. You can still configure a certificate realm if you want to specify properties for it (for example, assign-groups).