We have a few external clients requesting their data from the same server using the same endpoint.
I would like to configure security using both their private keys and ours, as follows:
- every client signs their request with their private key, and the server uses the corresponding public key (from the keystore) to authorize them and get their principal.
- our response is signed with our server private key (from the trusted store), and clients use our public key to authenticate the response.
I tried to get through the wiki and User Guide, and tried the jboss-wsse-server.xml configs from there, but there is no example similar to what I need, unless I missed something.
How do I configure WS-Security for this scenario?
My env: Java 6, JBoss 5.0.0CR1, jbossws core 3.02. Clients are .NET, if this is important.