aspose file tools*
The moose likes Web Services and the fly likes Web Services and X509 Certificate Authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Web Services
Bookmark "Web Services and X509 Certificate Authentication" Watch "Web Services and X509 Certificate Authentication" New topic
Author

Web Services and X509 Certificate Authentication

Greg Werner
Ranch Hand

Joined: May 07, 2009
Posts: 54
I am having difficulty putting all the pieces together to make it happen. I will tell you about my scenario and perhaps some kind-hearted person could fill in the rest for me.

I have a web service deployed to Tomcat 6.0 currently. It is tested to work just fine via a client I wrote. It makes use of Axis (but not Axis2). The jar files I believe are JAX-WS 2.0. I do not control how others access the service but it will likely be someone else's web application calling the service. I would like to make use of X509 certificates because I know the legitimate users all have certificates I can check against on the server side. I would suppose if I can get an HttpServletRequest, as in the FAQ section "With Axis, how can I access authentication information if I use HTTP Authentication? " then I would be home free because I know how to get the certificate from the HttpServletRequestObject, I already do that in a j2ee web application. My question is how do I hook up such Java code as the FAQ I mentioned with my web service. What configuration do I need to do to go to this bit of code which checks certificates instead of just going straight to the method that the client is trying to call? Is it in the web.xml file, context.xml file or what?
Greg Werner
Ranch Hand

Joined: May 07, 2009
Posts: 54
Greg Werner wrote:My question is how do I hook up such Java code as the FAQ I mentioned with my web service. What configuration do I need to do to go to this bit of code which checks certificates instead of just going straight to the method that the client is trying to call? Is it in the web.xml file, context.xml file or what?


I think I was looking for something like org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor, although I am skeptical about Spring implementations because I have seen several other packages (LDAP is one I remember rather fondly) that are incomplete and inferior to equivalent implementations in the web community. So other suggestions are greatly appreciated.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Web Services and X509 Certificate Authentication