axis and SSL client certificate: how do I make the certificate info available to the web service itself

[Arnaud SAHUGUET <sa...@lucent.com>]

Hi,

I want to deploy web services based on client authentication.
For instance, I want to provide access to a database through a web
service and access control is done via SSL certificates and not
username and password.

Basically, the client application connects to Axis.

The Axis server will look at the presence (or not) of a client
certificate, checks the certificate against a CA and if successful
will extract some information from the certificate (e.g. DN, OU,
EMAIL, etc.).

Then the server will pass this extracted information to the web
service itself. The web service will check that the user (identified
by its DN for instance) is a valid user and the action of the message
will be performed.

I have managed to configure Tomcat to accept client certificates.  What
I am struggling with is is how (what class do I need to change or extend)
do I extract the information from the certificate and how do I make
this information available to Axis and to the web service itself?

regards,

Arnaud