1. Re: Retrieving alias for WS Secure client
bigdaddy66 Jun 7, 2007 9:12 AM (in response to nightcap)
keytool -list -keystore
This shows you all aliases in the keystore.
2. Re: Retrieving alias for WS Secure client
bigdaddy66 Jun 7, 2007 9:13 AM (in response to nightcap)
Shit, I can't edit - after -keystore must come the file of the keystore :-)
keytool -list -keystore wsse.keystore
keytool is a program from Sun shipped with the JRE and JDK.
3. Re: Retrieving alias for WS Secure client
nightcap Jun 7, 2007 9:28 AM (in response to nightcap)
Thanks, but using keytool is not what I am looking for. My question is whether, from inside the web service method, I am able to extract the alias corresponding to the client's certificate. This imposes two steps:
1. How do I extract the client's certificate from inside the web service method? One way would be to locate the wsse:BinarySecurityToken xml-tag in the SOAP message, extract the Base64-encoded certificate and then create an X509Certificate object from it, but that is not very elegant.
2. Look up the alias in the keystore. To do that I could use KeyStore.getAliasForCertificate() provided 1. is solved.
I am looking for something similar to WebServiceContext.getClientCertificate()...
Does anybody have a suggestion?
Thanks
4. Re: Retrieving alias for WS Secure client
thomas.diesler Jun 18, 2007 4:34 PM (in response to nightcap)
This is currently not supported. You are however welcome to contribute this extension.
5. Re: Retrieving alias for WS Secure client
kaprys Nov 4, 2007 3:56 PM (in response to nightcap)
Hi,
I'm having the very same problem. I would like to authenticate the connection to a web service using an X.509 certificate. Many clients will connect to the web service. Every client will have their own certificate. The web service should recognize which client is connecting to it after getting the name from the certificate.
And here I have two problems. The first problem is that I really don't know whether I have configured the authentication to the web service correctly.
And the second problem is that I don't know how to then get the certificate from MessageContext.
I found this example:
    @Resource
    WebServiceContext ctx;
    ...
    MessageContext msg = ctx.getMessageContext();
    HttpServletRequest req = (HttpServletRequest) msg.get(MessageContext.SERVLET_REQUEST);
    X509Certificate[] certificates = (X509Certificate[]) req.getAttribute("javax.servlet.request.X509Certificate");
    if (certificates != null) {
        X509Certificate cert = certificates[0];
        Principal clientDN = cert.getSubjectDN();
        String name = clientDN.getName();
    }
And every time, certificates is null.
Could anybody help me?
Maybe you know of a tutorial that shows how to configure the web service to authenticate via certificate, because I don't have any idea what to do :(
6. Re: Retrieving alias for WS Secure client
asoldano Nov 16, 2007 10:42 AM (in response to nightcap)
This is related to http://jira.jboss.org/jira/browse/JBWS-652
7. Re: Retrieving alias for WS Secure client
mrostan Feb 25, 2008 12:41 PM (in response to nightcap)
Hi all,
We have modified JBossWS 2.0.1 to leave an array of the certificates used in the signature/encryption process available in the message context:
    Certificate[] certificates = (Certificate[]) msgContext.get("MESSAGE_CERTIFICATES");
There's no automatic validation against JAAS implemented (as described in JBWS-652); we simply make the participating certificates available.
If somebody is still interested, we can try to apply the patch to the current trunk and upload it.
Regards,
Martin