0 Replies Latest reply on Jul 31, 2014 5:39 PM by Sean K

    Securely connecting from JBAS7 to another JBAS7, specifying client security context

    Sean K Newbie

      I am new to Jboss6.2EAP, (with bundled JBossAS7).   I have configured the standalone jboss to accept twoway mutual SSL connections.  (I am using self-signed certs for development).

       

      So far, I am able to use firefox and a custom java client.   With the java client, I am able to post a soap message to a webservice app that I have deployed to the standalone JBossAS7. 

       

      On the server side of that web service, I am able to get access to the Http request Headers, and the Http Request attributes (specifically the X.509 cert, cipher_suite, ssl_session_id and key_size). 

       

      I am trying to determine if it is technically feasible to make a secure SSL connection to a downstream SSL web service on the same or different JBAS7, and pass along the client context (X.509, etc) so that the downstream web services can authenticate and authorize the request themselves.

       

      I see this documentation for the WL platform so I am thinking that it must be possible for the JBOSS platform. 

      Can someone point to me the documentation to assist me in building that second downstream SSL connection to the next web service?

       

      http://docs.oracle.com/cd/E11035_01/wls100/security/SSL_client.html#wp1033777