-
-
2. Re: WebService with Basic Security Profile
kaprys Nov 14, 2007 6:30 AM (in response to kaprys)Yes, found the way how to do it. But now I'm fighting with another thing.
I would like to get from SOAPHeader information about wsse elements. I know that JBoss doesn't support it now. I'm digging in JBossWS src code and I'm trying to find why only wsa elements are included in SOAP java objects.
Maybe you know where to find and change it?? -
3. Re: WebService with Basic Security Profile
asoldano Nov 14, 2007 8:51 AM (in response to kaprys)What exactly would you like to get from the wsse elements? wsse elements are processed by JBossWS security implementation and removed before dispatching the incoming message to the core part of the stack. Could you tell me something more about what you need?
-
4. Re: WebService with Basic Security Profile
kaprys Nov 14, 2007 9:17 AM (in response to kaprys)Well I would like to get client certificate from the envelope. I need it to verify which client is connecting to webservice, because each client would have different privileges. Because of that I need to get the client certificate on web service level.
-
5. Re: WebService with Basic Security Profile
kaprys Nov 14, 2007 9:38 AM (in response to kaprys)what i would like to realize is authorization based on certificate used for wsse signature
-
6. Re: WebService with Basic Security Profile
asoldano Nov 14, 2007 10:36 AM (in response to kaprys)"kaprys" wrote:
what i would like to realize is authorization based on certificate used for wsse signature
Ok, I guess you need the principal subject of the certificate, may be having the whole certificate that has been used to sign the message is even better. The best way I see to get this is getting it from the signature in the ws-security implementation and setting it into the context (or setting the principal in a security adaptor).
Please create a JIRA issue with this feature request, so that we can eventually schedule it and somebody can work on it.
Thank you -