Re: Is it possible to check the certificate used for signature with body content ?

[stlecho <st...@gmail.com>]

Hi,

I would be glad if someone could shed some light on this issue and tell me
if this scenario is feasible or completely absurd :-).

Regards, Stefan Lecho.


stlecho wrote:
> 
> Hi,
> 
> I would like to implement the following scenario:
> 
> 1. Rampart checks WS-Security (the normal case)
> 2. A specific handler receives the complete  SOAP Envelope (i.e. SOAP
> Header with Security element and SOAP Body).
> 3. This handler checks the subject of the certificate used for WS-Security
> with the value of an element contained in the SOAP Body.
> 4. If there is a match between the subject of the certificate and the
> value of the element, everything proceeds as normal.
> 5. If there is a mismatch between the subject of the certificate and the
> value of the element, a SOAP Fault is generated.
> 
> When activating the rampart module, I have the impression that it is not
> possible to add a specific handler before rampart treats the message. When
> adding the handler after the SecurityHandler, the MessageContext no longer
> contains the security headers (removed by the SecurityHandler?).
> 
> Is it possible to implement the above scenario and if yes, how?
> 
> Regards, Stefan Lecho.
> 

-- 
View this message in context: http://old.nabble.com/Is-it-possible-to-check-the-certificate-used-for-signature-with-body-content---tp26108410p26335913.html
Sent from the Axis - User mailing list archive at Nabble.com.