File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Web Services and the fly likes Using multiple, arbitrary certificates Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Web Services
Bookmark "Using multiple, arbitrary certificates" Watch "Using multiple, arbitrary certificates" New topic

Using multiple, arbitrary certificates

John Farrel
Ranch Hand

Joined: May 24, 2010
Posts: 83

I am looking at engineering a web application that calls a client web service.
The users of the web application require to supply a certificate if they want to use the client web service. Once they have uploaded the certificate, then the functionality should become usable.

The client web service is implemented in axis 2.

The question I have is, how do I ensure the correct user can call the client with the correct certificate?
Do I add all uploaded certificates into a central keystore? I would prefer to be able to supply each user's certification only as and when they use the web server, preferably without writing any certificates out to file.

Basically I want to plug in appropriate supplied certification at runtime.

Is this possible?

John Farrel
Ranch Hand

Joined: May 24, 2010
Posts: 83

So that's a no then?

John Farrel
Ranch Hand

Joined: May 24, 2010
Posts: 83
Vijitha Kumara

Joined: Mar 24, 2008
Posts: 3817

So you are looking at a client-cert type authentication here for the web app and that should control the WS calls based on the authentication?

[How to ask questions] [Twitter]
John Farrel
Ranch Hand

Joined: May 24, 2010
Posts: 83

Here's what I need to do...

I engineer a web server that includes client web service access to a third pary.
If users want to use this service, they will need to contact the third party and get a certificate, which they will upload to my server.

I want to be able to store every user's certificate seperately, and use that certificate when the user is calling the third party web service. This is why I want a way to inject the specific certificate on each web service call, rather than accumulate thousands of certificates in a single keystore.

subject: Using multiple, arbitrary certificates
Similar Threads
Calling getUserPrincipal() in a Web Service returns ANONYMOUS
One way SSL - Certificate not trusted - Server trust store
Select a certificate from a keystore for client authentication
Basic Authenication with SSL?
How to overide security behavior in j2me mobile application to accept self signed certitficate?