Ben,

Is there some built-in support for SSL client authentication in Acegi? In my scenario there should be both users without client certificate which need to provide username/password and users with client certificate - they should be "logged in automaticaly".

I'll appreciate any advice or direction which way to go.

Thanks,
Karel

PS: I'm happy to see the SF CVS is running again.

Acegi Security does not presently support SSL client certificate authentication.

Approaching this with a suitable filter would work, as the Acegi Security interfaces allow you to delegate the processing to an AuthenticationManager etc.

Your alternative is to use a container adapter and client certificates via web.xml. That way the container takes care of certificate presentation and processing (authentication), with Acegi Security only handling authorization.