I am having difficulty putting all the pieces together to make it happen. I will tell you about my scenario and perhaps some kind-hearted person could fill in the rest for me.
I have a web service deployed to Tomcat 6.0 currently. It is tested to work just fine via a client I wrote. It makes use of Axis (but not Axis2). The jar files I believe are JAX-WS 2.0. I do not control how others access the service but it will likely be someone else's web application calling the service. I would like to make use of X509 certificates because I know the legitimate users all have certificates I can check against on the server side. I would suppose if I can get an HttpServletRequest, as in the FAQ section "With Axis, how can I access authentication information if I use HTTP Authentication? " then I would be home free because I know how to get the certificate from the HttpServletRequestObject, I already do that in a j2ee web application. My question is how do I hook up such Java code as the FAQ I mentioned with my web service. What configuration do I need to do to go to this bit of code which checks certificates instead of just going straight to the method that the client is trying to call? Is it in the web.xml file, context.xml file or what?
Joined: May 07, 2009
Greg Werner wrote:My question is how do I hook up such Java code as the FAQ I mentioned with my web service. What configuration do I need to do to go to this bit of code which checks certificates instead of just going straight to the method that the client is trying to call? Is it in the web.xml file, context.xml file or what?
I think I was looking for something like org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor, although I am skeptical about Spring implementations because I have seen several other packages (LDAP is one I remember rather fondly) that are incomplete and inferior to equivalent implementations in the web community. So other suggestions are greatly appreciated.