In this chapter, we examined the architecture, flow, and Spring Security support for client certificate-based authentication. We have covered the following:

- Reviewed the concepts and overall flow of client certificate (mutual) authentication
- Learned the important steps required to configure Apache Tomcat for a self-signed SSL and client certificate scenario
- Configured Spring Security to understand certificate-based credentials presented by clients
- Understood the architecture of Spring Security classes related to certificate authentication
- Discovered how to configure a Spring bean-style client certificate environment
- Weighed the pros and cons of this type of authentication

It's quite common for developers unfamiliar with client certificates to ...