HTTPS web connector can be configured to use 2-way SSL with attribute "verify-client". According to documentation: Set to "want" if you want the SSL stack to request a client Certificate, but not fail if one is not presented. When user with valid/invalid certificate is trying to connect to unsecured resource, certificate should be requested when verify-client="want". But certificate is requested only if user try to connect to secured resource, which is the same behavior as verify-client="false".
If you use HttpClient to test I think you can differentiate want an true: the connector is going to give the certificate via the first steps of the SSL dialogue or through a renegociation so a part timing there is no differences.
I have used browser- Firefox to test this behavior. When I use EAP 6.3.0.DR1 (before JBoss Web upgrade) and try to connect to unsecured resource on connector with settings verify-client="want", the client certificate is requested. If I use EAP 6.3.0.DR2 (with new JBoss Web 7.4.0.Beta4) and try to connect to unsecured resource on same connector, the client certificate is not requested. I see this as a regression. Reference to documentation: http://documentation-devel.engineering.redhat.com/site/documentation/en-US/JBoss_Enterprise_Application_Platform/6.3/html-single/Security_Guide/index.html#SSL_Connector_Reference1
fixed by r2379
well by r2380 in fact.
It requires a new tag of jbossweb.
JBoss Web upgraded to 7.4.0.Final, see BZ#1077643.
Verified on EAP 6.3.0.DR6