diff --git a/source/java/org/alfresco/web/app/servlet/AlfrescoX509ServletFilter.java b/source/java/org/alfresco/web/app/servlet/AlfrescoX509ServletFilter.java
new file mode 100644
index 0000000000..972c04fbbd
--- /dev/null
+++ b/source/java/org/alfresco/web/app/servlet/AlfrescoX509ServletFilter.java
@@ -0,0 +1,74 @@
+/*
+* Copyright (C) 2005-2013 Alfresco Software Limited.
+*
+* This file is part of Alfresco
+*
+* Alfresco is free software: you can redistribute it and/or modify
+* it under the terms of the GNU Lesser General Public License as published by
+* the Free Software Foundation, either version 3 of the License, or
+* (at your option) any later version.
+*
+* Alfresco is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public License
+* along with Alfresco. If not, see .
+*/
+
+package org.alfresco.web.app.servlet;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.springframework.web.context.WebApplicationContext;
+import org.springframework.web.context.support.WebApplicationContextUtils;
+import org.alfresco.web.scripts.servlet.X509ServletFilterBase;
+
+import javax.servlet.*;
+import java.io.IOException;
+import java.util.Properties;
+
+/**
+ * The AlfrescoX509ServletFilter implements the checkEnforce method of the X509ServletFilterBase.
+ * This allows the configuration of X509 authentication to be toggled on/off through a
+ * configuration outside of the web.xml.
+ **/
+
+public class AlfrescoX509ServletFilter extends X509ServletFilterBase
+{
+ private static final String BEAN_GLOBAL_PROPERTIES = "global-properties";
+ private static final String SECURE_COMMS = "solr.secureComms";
+
+ private static Log logger = LogFactory.getLog(AlfrescoX509ServletFilter.class);
+
+ @Override
+ protected boolean checkEnforce(ServletContext servletContext) throws IOException
+ {
+ /*
+ * Get the secureComms setting from the global properties bean.
+ */
+
+ WebApplicationContext wc = WebApplicationContextUtils.getRequiredWebApplicationContext(servletContext);
+ Properties globalProperties = (Properties) wc.getBean(BEAN_GLOBAL_PROPERTIES);
+ String prop = globalProperties.getProperty(SECURE_COMMS);
+
+ if(logger.isDebugEnabled())
+ {
+ logger.debug("secureComms:"+prop);
+ }
+
+ /*
+ * Return true or false based on the property. This will switch on/off X509 enforcement in the X509ServletFilterBase.
+ */
+
+ if (prop == null || "none".equals(prop))
+ {
+ return false;
+ }
+ else
+ {
+ return true;
+ }
+ }
+}
\ No newline at end of file
diff --git a/source/web/WEB-INF/web.xml b/source/web/WEB-INF/web.xml
index 2da1784cfc..116e0cab9d 100644
--- a/source/web/WEB-INF/web.xml
+++ b/source/web/WEB-INF/web.xml
@@ -85,6 +85,15 @@
Global Localization Filter
org.alfresco.web.app.servlet.GlobalLocalizationFilter
+
+
+ X509AuthFilter
+ org.alfresco.web.app.servlet.AlfrescoX509ServletFilter
+
+ cert-contains
+ CN=Alfresco Repository
+
+
@@ -491,74 +521,6 @@
-
-
- SOLR
- /service/api/solr/*
-
-
-
- repoclient
-
-
-
- CONFIDENTIAL
-
-
-
-
-
- SOLR
- /s/api/solr/*
-
-
-
- repoclient
-
-
-
- CONFIDENTIAL
-
-
-
-
-
- SOLR
- /wcservice/api/solr/*
-
-
-
- repoclient
-
-
-
- CONFIDENTIAL
-
-
-
-
-
- SOLR
- /wcs/api/solr/*
-
-
-
- repoclient
-
-
-
- CONFIDENTIAL
-
-
-
-
- CLIENT-CERT
- Repository
-
-
-
- repoclient
-