I was trying out a POC on securing web applications on a Tomcat server using certificate-based authentication.
I've actually succeeded in setting up the configuration, i.e. the SSL setup at the server (Tomcat) level.
My agenda is to develop a web service to which access will be provided only once certificate-based authentication has completed successfully.
I would be glad if someone could advise me on how to go about setting up the configuration at the application level, which would mainly be in the web.xml file.
All feedback and suggestions are welcome.