We use Spring security and want to use Two Way SSL for a few Jersey based REST APIs exposed for mobile devices. SSL is offloaded at load-balancer or apache level.
Can we still get access to client certificate at web app level? On second thought we can live without having access to client cert but can we have load-balancer or apache configured to request for client cert only for a specific urls? Is there a standard for this? -Bipin
