I am new on using SSL and certificates, so this is
probably not the most intelligent question :-)
I have clients with ssl-certificates on the one side
and jboss3.2.2/tomcat on the other side. They are connected by web-services over http.
each client has different rights to access data, so
I have to find out who is connecting to my stateless EJB through web-services(through tomcat).
I have stored the client-certificates in a database accessible by jboss.
Is there a way in the statless session bean to get the
certificate of the web-service caller, or is there another way to get this ?
This is my arch:
client ----- web-service (over https) ----- tomcat (axis -servlet) ----- stateless session bean on jboss.
Any help really appreciated, also if you have to tell me
that my architecture is trash :-)