[jbossws-issues] [JBoss JIRA] Commented: (JBWS-1907) authorization based on certificate used for wsse signature
Alessio Soldano (JIRA)
jira-events at lists.jboss.org
Tue May 27 02:50:42 EDT 2008
[ http://jira.jboss.com/jira/browse/JBWS-1907?page=comments#action_12414251 ]
Alessio Soldano commented on JBWS-1907:
---------------------------------------
The test org.jboss.test.ws.jaxws.jbws2116.CertAuthTestCase provides an example of certificate authentication. This has been achieved in a more standard way that what was proposed in the attached fix, since we now have JAAS integration for certificate auth too; thus having a list of certificates in the context for hand-made processing shouldn't be required.
I suggest Artur Lipski to take a look at the implementation and the sample and perhaps comment here. User documentation on the wiki will be available in few days.
> authorization based on certificate used for wsse signature
> ----------------------------------------------------------
>
> Key: JBWS-1907
> URL: http://jira.jboss.com/jira/browse/JBWS-1907
> Project: JBoss Web Services
> Issue Type: Feature Request
> Security Level: Public(Everyone can see)
> Components: ws-security
> Affects Versions: jbossws-2.0.1.SP2
> Environment: Windows XP SP2, JBoss 2.1.0 GA
> Reporter: Artur Lipski
> Assigned To: Alessio Soldano
> Fix For: jbossws-native-3.0.2
>
> Attachments: patch_certificates.txt
>
> Original Estimate: 1 day
> Remaining Estimate: 1 day
>
> getting the principal subject from client certificate or even the whole client certificate on web service level when WS-Security is provided with CLIENT-CERT authentication.
> Something similar to WebServiceContext.getClientCertificate()
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jbossws-issues
mailing list