[jboss-user] [JBossWS] - Client Authenticated HTTPS and Web Services

herrvendil do-not-reply at jboss.com
Fri Sep 8 07:51:39 EDT 2006


Hi all

In JBOSS-4.0.3 it was possible to get the client certificate used in the https session of a WebService request in order to authorize the web client. 

I used the code that worked:
                        MessageContext messageContext = context.getMessageContext();
  | 		  HttpServletRequest request = (HttpServletRequest) messageContext.getProperty("transport.http.servletRequest");
  | 		  		  
  | 		  Enumeration enumer = request.getAttributeNames();
  | 		  while(enumer.hasMoreElements()){
  | 			  System.out.println(enumer.nextElement());
  | 		  }
  | 		  
  | 		  X509Certificate[] certificates = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");

I have now also tested 
HttpServletRequest request = (HttpServletRequest) messageContext.getProperty("javax.xml.ws.servlet.request");

with JBOSS-4.0.4-p1 but the request seem not to return any attributes.

Can anyone give me an example of how to achieve this in any way using jboss-4.0.4-GA

WS-Security signing/encryption is not an option in my case. 

Thankfull for any help
Philip

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3970326#3970326

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3970326



More information about the jboss-user mailing list