I am new to spring-security in general and am a bit confused.
The project I am trying to integrate this with uses X509 certificates to identify users for signing in to the application. There are no usernames or passwords. We validate the certificates are good, and that they have been given access to our app.
The question is how do I integrate spring in to this to get their roles using the X509 certificates?
I have seen this:
<http>
...
<x509 subject-principal-regex="CN=(.*?)," user-service-ref="userService"/>
...
</http>
But I don't understand how this works. Will it still require something for a password? Or is the subject all it needs?