[JBossWS-Metro] - best way to capture credentials in wsit-protected service?
by sun-certified
hi forum,
i'm working with jbossws metro 3.1.0.GA on jboss 5.0.1.GA.
i've been able to get the glassfish example described https://jax-ws.dev.java.net/guide/Configuring_Security_Using_NetBeans_IDE....
unlike the original https://jax-ws.dev.java.net/guide/Configuring_Security_Using_NetBeans_IDE... uses a symmetric binding policy; meaning: the client creates a secret key, encrypts the secret key with the server's public key, the client sends the encrypted secret key in the soap request to the server; and the client and server sign and encrypt stuff back and forth using that encrypted secret (symmetric) key.
now that i got that working as a proof of concept, i need to configure wsit for mutual x509 cert authentication. once the service receives and authenticates the client's x509 cert, i want to be able to capture the client's cert (from javax.security.auth.Subject.getPrincipal() or something ) and extract the client's distinguished name - to do authorization based on the dn (using jbossxacml).
please, can anybody here recommend the simplest, easiest way to do that? can i get at the subject in a handler if i get a hold of the WebServiceContext? can anybody point me to a straightforward, easy to follow recipe somewhere, please?
thanks in advance for your help.
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4223521#4223521
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4223521
15 years, 9 months
- 1
- 0