1 Reply Latest reply on Sep 14, 2006 1:35 PM by thomas.diesler

Client Authenticated HTTPS and Web Services

herrvendil Sep 8, 2006 7:51 AM

Hi all

In JBOSS-4.0.3 it was possible to get the client certificate used in the https session of a WebService request in order to authorize the web client.

I used the code that worked:

MessageContext messageContext = context.getMessageContext();
 HttpServletRequest request = (HttpServletRequest) messageContext.getProperty("transport.http.servletRequest");

 Enumeration enumer = request.getAttributeNames();
 while(enumer.hasMoreElements()){
 System.out.println(enumer.nextElement());
 }

 X509Certificate[] certificates = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");

I have now also tested

HttpServletRequest request = (HttpServletRequest) messageContext.getProperty("javax.xml.ws.servlet.request");

with JBOSS-4.0.4-p1 but the request seem not to return any attributes.

Can anyone give me an example of how to achieve this in any way using jboss-4.0.4-GA

WS-Security signing/encryption is not an option in my case.

Thankfull for any help
Philip

1. Re: Client Authenticated HTTPS and Web Services

thomas.diesler Sep 14, 2006 1:35 PM (in response to herrvendil)

I believe this is a Tomcat issue. Could you test this with an ordinary webapp (i.e. no webservice)

In case the problem stll show, create a bug in the jbossas project
Actions