1 Reply Latest reply on Sep 14, 2006 1:35 PM by Thomas Diesler

    Client Authenticated HTTPS and Web Services

    herrvendil Newbie

      Hi all

      In JBOSS-4.0.3 it was possible to get the client certificate used in the https session of a WebService request in order to authorize the web client.

      I used the code that worked:

      MessageContext messageContext = context.getMessageContext();
       HttpServletRequest request = (HttpServletRequest) messageContext.getProperty("transport.http.servletRequest");
      
       Enumeration enumer = request.getAttributeNames();
       while(enumer.hasMoreElements()){
       System.out.println(enumer.nextElement());
       }
      
       X509Certificate[] certificates = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");


      I have now also tested
      HttpServletRequest request = (HttpServletRequest) messageContext.getProperty("javax.xml.ws.servlet.request");


      with JBOSS-4.0.4-p1 but the request seem not to return any attributes.

      Can anyone give me an example of how to achieve this in any way using jboss-4.0.4-GA

      WS-Security signing/encryption is not an option in my case.

      Thankfull for any help
      Philip