This week's book giveaway is in the OO, Patterns, UML and Refactoring forum. We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line! See this thread for details.
I have a client-server app that is required to communicate via SSL Mutual Authentication. Client and server both run on seperate Jboss instances on different hosts.
Based on what I gather, there are two ways of doing this authentication.
1. Leverage Jboss SSL authentication and set clientAuth=true in the HTTPS connector (server.xml)
2. Create my own SSLScoket and set useClientMode=false
Im using HTTPClient for creating connection between client and server. Does anyone know which method is better (or more secure) ?