[jboss-jira] [JBoss JIRA] (JBWEB-243) HTTPS / TLS Client certificate authentication does not give client certificate to server side
Tomas Gustavsson (JIRA)
jira-events at lists.jboss.org
Tue Oct 2 10:50:03 EDT 2012
[ https://issues.jboss.org/browse/JBWEB-243?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12723331#comment-12723331 ]
Tomas Gustavsson edited comment on JBWEB-243 at 10/2/12 10:48 AM:
------------------------------------------------------------------
Ok, after much struggling I found out it is because of WSDL location rewrite. The wsdl specifies that my webservice in on http://localhost:8080, which is not the SSL port.
In JBoss 5 you would simply comment out:
<property name="webServiceHost">${jboss.bind.address}</property>
In order for the wsdl rewrite to replace the host and port of:
<soap:address location="http://localhost:8443/ejbca/ejbcaws/ejbcaws"/>
with what was actually used to call the service. In JBoss previous to JBoss 5 this was default (which seems natural to me), in JBoss 5 we had to configure this to workaround.
I found in standalone.xml the part with <wsdl-host>. I found the docs at:
https://docs.jboss.org/author/display/JBWS/Advanced+User+Guide
There I found the <wsdl-host>jbossws.undefined.host</wsdl-host> setting. With that it does work as expected,
This issue can be closed.
was (Author: tomasg1):
Ok, after much struggling I found out it is because of WSDL location rewrite. The wsdl specifies that my webservice in on http://localhost:8080, which is not the SSL port.
In JBoss 5 you would simply comment out:
<property name="webServiceHost">${jboss.bind.address}</property>
In order for the wsdl rewrite to replace the host and port of:
<soap:address location="http://localhost:8443/ejbca/ejbcaws/ejbcaws"/>
with what was actually used to call the service. In JBoss previous to JBoss 5 this was default (which seems natural to me), in JBoss 5 we had to configure this to workaround.
How can we workaround it in JBoss 7?
I found in standalone.xml the part with <wsdl-host>. I found the docs at:
https://docs.jboss.org/author/display/JBWS/Advanced+User+Guide
There I found the <wsdl-host>jbossws.undefined.host</wsdl-host> setting. With that it does work as expected,
This issue can be closed.
> HTTPS / TLS Client certificate authentication does not give client certificate to server side
> ---------------------------------------------------------------------------------------------
>
> Key: JBWEB-243
> URL: https://issues.jboss.org/browse/JBWEB-243
> Project: JBoss Web
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Environment: JBoss AS 7.1.0.GA
> Reporter: Tomas Gustavsson
>
> We use client certificate authentication (TLS) for our webservice (JAX-WS annotated EJB).
> In JBoss 5 and 6 the following code worked to fetch the client certificate in the session bean.
> MessageContext msgContext = wsContext.getMessageContext();
> HttpServletRequest request = (HttpServletRequest) msgContext.get(MessageContext.SERVLET_REQUEST);
> X509Certificate[] certificates = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
> In JBoss AS 7.1.0.GA no certificate is retrieved.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list