The Java web application we are making responds to requests from browsers and requests from RESTful clients. The URLs for these two kinds of requests will be different. For requests originating from a browser we need one-way authentication, and for requests from RESTful clients we need two-way authentication. Our application will be available on 2 app servers: Jetty (8) and WebLogic (10.3.4).
In Jetty we have overridden "org.eclipse.jetty.server.ssl.SslSelectChannelConnector" and added logic in the "customize" method to check the URL and the presence of the javax.servlet.request.X509Certificate attribute. If the URL is from a browser, don't check the certificate. If the URL is from a RESTful client, check whether a certificate is present and, if not, throw an exception.
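The same URL-plus-certificate check can be written once as a standard servlet filter, so it does not depend on a Jetty-specific connector; this is an added example, not code from the post. The class name `ClientCertFilter`, the `restPrefix` init parameter and the `/api/` prefix are assumptions, since the post does not name its URLs.

```java
import java.io.IOException;
import java.security.cert.X509Certificate;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Added example (hypothetical class): client certificate required only on REST URLs. */
public class ClientCertFilter implements Filter {
    // Servlet-spec attribute the container fills in after the TLS handshake.
    static final String CERT_ATTR = "javax.servlet.request.X509Certificate";
    // Assumption: REST clients use this prefix; override with init-param "restPrefix".
    private String restPrefix = "/api/";

    public void init(FilterConfig cfg) {
        String p = cfg.getInitParameter("restPrefix");
        if (p != null && !p.isEmpty()) restPrefix = p;
    }

    /** Uses the container-decoded path, so encoded or ";param" variants cannot dodge the prefix test. */
    boolean isRestRequest(HttpServletRequest req) {
        String info = req.getPathInfo();
        String path = req.getServletPath() + (info == null ? "" : info);
        return path.startsWith(restPrefix);
    }

    /** True when the TLS layer handed over at least one client certificate. */
    static boolean hasClientCert(ServletRequest req) {
        Object attr = req.getAttribute(CERT_ATTR);
        return attr instanceof X509Certificate[] && ((X509Certificate[]) attr).length > 0;
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        if (isRestRequest(http) && (!req.isSecure() || !hasClientCert(req))) {
            // Reject before any application code runs.
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN,
                    "Client certificate required");
            return;
        }
        chain.doFilter(req, res); // browser URL, or REST URL with a certificate
    }

    public void destroy() { }
}
```

For the attribute to be populated at all, the TLS listener has to request a client certificate without requiring one (in Jetty, `SslContextFactory.setWantClientAuth(true)`), so that browsers without a certificate can still complete the handshake. The filter checks only that a certificate was presented; chain validation is done by the TLS layer against the server's trust store.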