[jboss-user] [JBossWS] - Getting access to X509Certificate
gray727
do-not-reply at jboss.com
Wed Mar 7 16:29:25 EST 2007
My configuration:
JDK 1.5
JBoss AS 4.0.5
JBossWS 1.2.0
WS-Security
The configuration of my web service requires an incoming SOAP message to be digitally signed (using Message Level Security; not BASIC authentication over SSL), and this works fine. However, I have an audit requirement to log the credentials of the client trying to access the service, whether successful or not. In the past (using JWSDP and JSR-109 style web services), I've used security callback functions to meet these sort of requirements.
Is there a way to interact with WS-Security during authentication and authorization and obtain the X509Certificate, Subject, Principal, etc. to log security related events? I've experimented with the WebServiceContext.getUserPrincipal(), but it seems that this is only useful for BASIC authentication, which I'm not using.
thanks.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4025975#4025975
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4025975
More information about the jboss-user
mailing list