Client authentication through an SSL/TLS client certificate in JBoss AS 7. This configuration ensures that only clients presenting a certificate the server trusts (an entry in its truststore) can reach the application; the certificate identifies the client, it does not by itself assign roles or permissions.
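#create the server key pair + self-signed certificate (needs a Java 7+ keytool for -ext).
# - CN and SAN carry the host name the client connects to ("localhost"); without that, Java
#   hostname verification fails and people end up disabling it in the client instead.
# - -keysize 2048: keytool before Java 8 defaults to 1024-bit RSA.
# - -validity 365: the default is 90 days, after which the handshake starts failing.
# - -storepass on the command line is recorded in shell history; omit it to be prompted.
keytool -genkey -alias localhost -keyalg RSA -keysize 2048 -validity 365 -dname "CN=localhost" -ext SAN=dns:localhost -keystore ./localhost.jks -storepass password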
#add an HTTPS connector (server-side TLS only: the server proves its identity, clients are not yet asked for a certificate)
<!-- Server-side TLS only: the server presents the "localhost" entry of localhost.jks, no client
     certificate is requested yet. "password" is the keystore password stored in clear text in
     standalone.xml, so restrict file permissions on the configuration directory; JBoss AS 7 can
     also source it from the password vault (confirm for your version). There is no separate
     key-password attribute here, so the private key is expected to use the keystore password. -->
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https">
<ssl name="ssl" key-alias="localhost" password="password" certificate-key-file="../standalone/configuration/localhost.jks"/>
</connector>
#export the server's public certificate and import it into the client truststore (servers.jks).
# The export prompts for the localhost.jks password; the import asks "Trust this certificate?"
# because the self-signed certificate chains to nothing the JRE already trusts.
keytool -exportcert -keystore localhost.jks -alias localhost -file localhost.cer
keytool -importcert -keystore ./servers.jks -alias localhost -file localhost.cer -storepass password
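#create the client key pair + self-signed certificate.
# my.jks is the keystore Client.java opens as KEYSTORE_FILE, so the keystore password and the
# key password must both be the "password" hard-coded there (KEYSTORE_PASSWORD / KEY_PASSWORD);
# passing them explicitly avoids the interactive prompt where they are easy to get wrong.
# -keysize 2048: keytool before Java 8 defaults to 1024-bit RSA.
keytool -genkey -keystore my.jks -alias client -keyalg RSA -keysize 2048 -dname "CN=client" -storepass password -keypass password
#export the client certificate and import it into the server truststore (clients.jks).
# Each client is trusted individually by this import: there is no CA and no revocation, so to
# un-trust a client delete its alias (keytool -delete -alias client -keystore clients.jks) and
# reload the server. At scale, have a CA sign the client certificates and trust the CA instead.
keytool -export -keystore my.jks -file client.cer -alias client
keytool -import -keystore clients.jks -alias client -storepass password -file client.cer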
#require and verify the client certificate (mutual TLS): the same connector, now with a truststore of accepted client certificates
<!-- Mutual TLS. verify-client="true" rejects the handshake unless the client presents a
     certificate that is (or chains to) an entry in clients.jks; "want" would make it optional
     (Tomcat clientAuth semantics that AS 7 inherits - confirm for your version).
     Notes for anything beyond a demo:
     - No ca-certificate-password is given, so the truststore is expected to open with the same
       "password" as the keystore (see the keytool steps above).
     - Client certificates are imported one by one and self-signed, so there is no revocation
       beyond deleting the alias; the AS 7 ssl element also has a ca-revocation-url for a CRL
       when a CA issues the client certificates (confirm attribute names against your schema).
     - A trusted certificate only authenticates the client; mapping it to a user/role still
       has to happen in the application's security domain. -->
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https">
<ssl name="ssl" key-alias="localhost"
password="password" certificate-key-file="../standalone/configuration/localhost.jks"
verify-client="true"
ca-certificate-file="../standalone/configuration/clients.jks"
truststore-type="JKS"/>
</connector>
package com.qwertovsky.ssl;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.Reader;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLConnection;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
public class Client
{
static String TRUSTSTORE_FILE = "servers.jks";
static String TRUSTSTORE_PASSWORD = "password";
static String KEYSTORE_FILE = "my.jks";
static String KEYSTORE_PASSWORD = "password";
static String KEY_PASSWORD = "password";
static String URL = "https://localhost:8443/testWEB";
static String HOST_NAME = "localhost";
public static void main(String[] args)
{
// add server certifications
TrustManagerFactory tmf = null;
try
{
File file = new File(TRUSTSTORE_FILE);
FileInputStream fis = new FileInputStream(file);
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(fis, TRUSTSTORE_PASSWORD.toCharArray());
tmf = TrustManagerFactory.getInstance(TrustManagerFactory
.getDefaultAlgorithm());
tmf.init(keyStore);
} catch (FileNotFoundException e)
{
e.printStackTrace();
} catch (Exception e)
{
e.printStackTrace();
}
// add client certificate
KeyManagerFactory kmf = null;
try
{
File file = new File(KEYSTORE_FILE);
FileInputStream fis = new FileInputStream(file);
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(fis, KEYSTORE_PASSWORD.toCharArray());
kmf = KeyManagerFactory.getInstance(KeyManagerFactory
.getDefaultAlgorithm());
kmf.init(keyStore, KEY_PASSWORD.toCharArray());
} catch (FileNotFoundException e)
{
e.printStackTrace();
} catch (Exception e)
{
e.printStackTrace();
}
// set SSLContext
try
{
SSLContext ctx = SSLContext.getInstance("SSL");
ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
} catch (NoSuchAlgorithmException e1)
{
e1.printStackTrace();
} catch (KeyManagementException e)
{
e.printStackTrace();
}
// server name is not in certificate CN
// HttpsURLConnection
// .setDefaultHostnameVerifier(new javax.net.ssl.HostnameVerifier()
// {
//
// public boolean verify(String hostname,
// javax.net.ssl.SSLSession sslSession)
// {
// if (hostname.equals(HOST_NAME))
// {
// return true;
// }
// return false;
// }
// });
// work with server
StringBuilder response = new StringBuilder();
try
{
URL url = new URL(URL);
URLConnection connection = url.openConnection();
InputStream is = connection.getInputStream();
Reader in = new InputStreamReader(is, "UTF-8");
char[] buff = new char[1024];
int l;
while ((l = in.read(buff)) != -1)
{
response.append(buff, 0, l);
}
} catch (MalformedURLException e)
{
e.printStackTrace();
} catch (IOException e)
{
e.printStackTrace();
}
System.out.println(response);
// call REST service
StringBuilder restResponse = new StringBuilder();
try
{
URL url = new URL(URL + "/rest/hello" + "?name=" + "User");
HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
connection.setRequestMethod("GET");
InputStream is = connection.getInputStream();
Reader in = new InputStreamReader(is, "UTF-8");
char[] buff = new char[1024];
int l;
while ((l = in.read(buff)) != -1)
{
restResponse.append(buff, 0, l);
}
} catch (MalformedURLException e)
{
e.printStackTrace();
} catch (IOException e)
{
e.printStackTrace();
}
System.out.println(restResponse);
}
}