File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Web Services and the fly likes Using multiple, arbitrary certificates Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Java » Web Services
Bookmark "Using multiple, arbitrary certificates" Watch "Using multiple, arbitrary certificates" New topic
Author

Using multiple, arbitrary certificates

John Farrel
Ranch Hand

Joined: May 24, 2010
Posts: 84

I am looking at engineering a web application that calls a client web service.
The users of the web application require to supply a certificate if they want to use the client web service. Once they have uploaded the certificate, then the functionality should become usable.

The client web service is implemented in axis 2.

The question I have is, how do I ensure the correct user can call the client with the correct certificate?
Do I add all uploaded certificates into a central keystore? I would prefer to be able to supply each user's certification only as and when they use the web server, preferably without writing any certificates out to file.

Basically I want to plug in appropriate supplied certification at runtime.

Is this possible?

John
John Farrel
Ranch Hand

Joined: May 24, 2010
Posts: 84

So that's a no then?

John Farrel
Ranch Hand

Joined: May 24, 2010
Posts: 84
damn.
Vijitha Kumara
Bartender

Joined: Mar 24, 2008
Posts: 3838

So you are looking at a client-cert type authentication here for the web app and that should control the WS calls based on the authentication?


SCJP 5 | SCWCD 5
[How to ask questions] [Twitter]
John Farrel
Ranch Hand

Joined: May 24, 2010
Posts: 84

Here's what I need to do...

I engineer a web server that includes client web service access to a third pary.
If users want to use this service, they will need to contact the third party and get a certificate, which they will upload to my server.

I want to be able to store every user's certificate seperately, and use that certificate when the user is calling the third party web service. This is why I want a way to inject the specific certificate on each web service call, rather than accumulate thousands of certificates in a single keystore.

 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Using multiple, arbitrary certificates