Hi all
In JBOSS-4.0.3 it was possible to get the client certificate used in the https session of a WebService request in order to authorize the web client.
I used the code that worked:
MessageContext messageContext = context.getMessageContext(); HttpServletRequest request = (HttpServletRequest) messageContext.getProperty("transport.http.servletRequest"); Enumeration enumer = request.getAttributeNames(); while(enumer.hasMoreElements()){ System.out.println(enumer.nextElement()); } X509Certificate[] certificates = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
HttpServletRequest request = (HttpServletRequest) messageContext.getProperty("javax.xml.ws.servlet.request");
I believe this is a Tomcat issue. Could you test this with an ordinary webapp (i.e. no webservice)
In case the problem stll show, create a bug in the jbossas project