3 Replies Latest reply on Apr 13, 2006 8:17 PM by amdonov

    Client Cert EJB

    amdonov Newbie

      I'm moving from a webapp using client-cert authentication to a thick client. I need to continue using certificates for authentication. All work is performed in EJBs, and I was considering a couple of different approaches.

      1. Enable RMI+SSL for EJBs and subclass RMISSLClientSocketFactory and RMISSLServerSocketFactory to provide/require client certificates. Will the certificate be available to a JAAS CallbackHandler for authentication?

      2. Copy the SRP stuff where possible, but use certificates.

      Is either one of these feasible or should I pursue something else?
      Any advice is appreciated.