This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes Web Services and the fly likes Using multiple, arbitrary certificates Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Java » Web Services
Bookmark "Using multiple, arbitrary certificates" Watch "Using multiple, arbitrary certificates" New topic

Using multiple, arbitrary certificates

John Farrel
Ranch Hand

Joined: May 24, 2010
Posts: 83

I am looking at engineering a web application that calls a client web service.
The users of the web application require to supply a certificate if they want to use the client web service. Once they have uploaded the certificate, then the functionality should become usable.

The client web service is implemented in axis 2.

The question I have is, how do I ensure the correct user can call the client with the correct certificate?
Do I add all uploaded certificates into a central keystore? I would prefer to be able to supply each user's certification only as and when they use the web server, preferably without writing any certificates out to file.

Basically I want to plug in appropriate supplied certification at runtime.

Is this possible?

John Farrel
Ranch Hand

Joined: May 24, 2010
Posts: 83

So that's a no then?

John Farrel
Ranch Hand

Joined: May 24, 2010
Posts: 83
Vijitha Kumara

Joined: Mar 24, 2008
Posts: 3816

So you are looking at a client-cert type authentication here for the web app and that should control the WS calls based on the authentication?

[How to ask questions] [Twitter]
John Farrel
Ranch Hand

Joined: May 24, 2010
Posts: 83

Here's what I need to do...

I engineer a web server that includes client web service access to a third pary.
If users want to use this service, they will need to contact the third party and get a certificate, which they will upload to my server.

I want to be able to store every user's certificate seperately, and use that certificate when the user is calling the third party web service. This is why I want a way to inject the specific certificate on each web service call, rather than accumulate thousands of certificates in a single keystore.

I agree. Here's the link:
subject: Using multiple, arbitrary certificates
Similar Threads
Calling getUserPrincipal() in a Web Service returns ANONYMOUS
One way SSL - Certificate not trusted - Server trust store
Select a certificate from a keystore for client authentication
Basic Authenication with SSL?
How to overide security behavior in j2me mobile application to accept self signed certitficate?