I actually devote a whole chapter in the book to X.509 (client certificate) authentication. I would say that the majority of the issues / confusion around X.509 authentication tend to be more around the lifecycle and correct management and installation of certificates, server trust stores, etc. and not so much the configuration of Spring Security 3 itself.
It looks from the below code as though you are on the right track, though!
Author, Spring Security 3 (the Book), Packt Publishing, 2010
I’ve looked at a lot of different solutions, and in my humble opinion Aspose is the way to go. Here’s the link: http://aspose.com