I am looking at engineering a web application that calls a client web service.
The users of the web application require to supply a certificate if they want to use the client web service. Once they have uploaded the certificate, then the functionality should become usable.
The client web service is implemented in axis 2.
The question I have is, how do I ensure the correct user can call the client with the correct certificate?
Do I add all uploaded certificates into a central keystore? I would prefer to be able to supply each user's certification only as and when they use the web server, preferably without writing any certificates out to file.
Basically I want to plug in appropriate supplied certification at runtime.
I engineer a web server that includes client web service access to a third pary.
If users want to use this service, they will need to contact the third party and get a certificate, which they will upload to my server.
I want to be able to store every user's certificate seperately, and use that certificate when the user is calling the third party web service. This is why I want a way to inject the specific certificate on each web service call, rather than accumulate thousands of certificates in a single keystore.