You are viewing a plain text version of this content. The canonical link for it is here.
Posted to soap-user@xml.apache.org by Martin Centner <mc...@sbox.tugraz.at> on 2002/01/17 13:25:01 UTC
SSL Client Certificate Authentication
Hi all,
i'm trying to use Apache SOAP with SSL and client-certificate
authentication. The authentication based on client certificates works so
far, but I need access to the client certificate within my Provider.
I am using jakarta-tomcat 3.3 in stand alone mode with the following config:
<Http10Connector port="8443"
secure="true"
clientauth="true"
keystore="server.keystore"
keypass="somepass"
maxThreads="100"
maxSpareThreads="50"
minSpareThreads="10" />
And JSSE in debug mode shows that the client certificate has been accepted.
I have written my own provider (based on a example found in the mailing
list archive) ...
public class myProvider extends RPCJavaProvider {
public void invoke(SOAPContext reqContext, SOAPContext resContext)
throws SOAPException {
HttpServletRequest req = (HttpServletRequest)
reqContext.getProperty(Constants.BAG_HTTPSERVLETREQUEST);
if (!req.isSecure()) throw new SOAPException(
Constants.FAULT_CODE_SERVER, "no SSL");
// invoke the method on the target object
try {
Response resp = RPCRouter.invoke( dd, call, targetObject,
reqContext, resContext );
Envelope env = resp.buildEnvelope();
StringWriter sw = new StringWriter();
env.marshall(sw,call.getSOAPMappingRegistry(),resContext);
resContext.setRootPart( sw.toString(),
Constants.HEADERVAL_CONTENT_TYPE_UTF8);
}
catch( Exception e ) {
if ( e instanceof SOAPException ) throw (SOAPException ) e ;
throw new SOAPException( Constants.FAULT_CODE_SERVER,
e.toString());
}
}
}
req.isSecure returns true if I connect to the Provider over SSL. But
there are no Attributes set for the HttpServletRequest. So how do I get
access to the client certificate?
Thus this work better if I use Apache with mod_jk?
cu
lot