Hello dear people,

I have a very simple jax web service under glassfish v.2.1 and I want to secure it using mutual authentication. I could configure using server certificates but I have problems with configuring the server to ask client certificates. The problem is that the clients are not asked to provide a valid client certificate to use the service. The clients can easily use the service without having a certificate.
Can anyone tell me what should I do to have this?

I got the example code from Java EE Tutorial: Downloads — Java.net and the sample code that I used is in the folder : javaeetutorial5/examples/jaxws/helloservice-clientcert

Best regards,
Arash.