Posted to java-user@axis.apache.org by Stephen BROOKE <sb...@mdacorporation.com> on 2006/05/19 18:48:28 UTC
Client Authentication using Certificates for restricting access to an Axis Web Service
I have an Axis 1.x web service available via Apache using SSL only. Our
requirement is that we authenticate users of the service with Apache
client authentication using certificates.
The URL for the web service is something like:
https://www.mydomain.com/l3ci/services/myoperation
In my Apache configuration I have the following:
-----------------------
SSLCACertificateFile /usr/local/apache/conf/ssl.crt/ca-bundle.crt
Alias /l3ci "/home/dev/myapphome/site/server1/l3ci"
<Directory "/home/dev/myapphome/site/server1/l3ci">
Options MultiViews
AllowOverride None
Order allow,deny
Allow from all
SSLRequireSSL
SSLVerifyClient require
SSLVerifyDepth 1
</Directory>
-----------------------
I have the root certificate in the 'ca-bundle.crt' file and I have both
the root cert and a valid client cert signed by that CA imported into my
browsers.
I use a browser such as Firefox and IE to test the client authentication
configuration but I can only get it to work from the URL:
https://www.mydomain.com/l3ci but I need authentication to work from the
full service URL above.
As I understand it, Apache client authentication can at best serve at
the <Directory> directive level. But my web service URL does not
correspond to an actual directory on disk!
My question is: Has anyone encountered this problem and found a way to do
this or does anyone have any ideas to try?
--Steve
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org
Re: Client Authentication using Certificates for restricting access to an Axis Web Service
Posted by ajax chelsea <aj...@gmail.com>.
Could we use wildcards? Such as:
Alias /l3ci "/home/dev/myapphome/site/server1/l3ci/** "
<Directory "/home/dev/myapphome/site/server1/l3ci/** ">
Options MultiViews
AllowOverride None
Order allow,deny
Allow from all
SSLRequireSSL
SSLVerifyClient require
SSLVerifyDepth 1
</Directory>
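An added example, not part of either post: Apache's `<Location>` container matches the request's URL path rather than a filesystem path, and mod_ssl accepts `SSLVerifyClient` inside it, so the certificate requirement can be attached to the service URL itself. The `/l3ci/services` prefix is assumed from the example URL in the question, and the remaining values are copied from the posted configuration.

```apache
# Added example, not from the thread. Paths and values come from the posted
# configuration; the /l3ci/services prefix is assumed from the example URL.

# CA that client certificates must chain to (server or virtual-host level).
SSLCACertificateFile /usr/local/apache/conf/ssl.crt/ca-bundle.crt

# As posted: <Directory> matches the filesystem path a request is mapped to,
# so it covers only requests that Apache resolves under this directory.
<Directory "/home/dev/myapphome/site/server1/l3ci">
    SSLRequireSSL
    SSLVerifyClient require
    SSLVerifyDepth 1
</Directory>

# URL-based: <Location> matches the request URL path, so it also covers
# requests handled by a module or connector and never mapped to a file on disk
# (assumed here to be how the Axis service is reached).
<Location "/l3ci/services">
    SSLRequireSSL
    SSLVerifyClient require
    SSLVerifyDepth 1
    # Export SSL_CLIENT_* variables (e.g. SSL_CLIENT_S_DN) for logging or the application.
    SSLOptions +StdEnvVars
</Location>
```

Because the requirement is set per location rather than for the whole virtual host, mod_ssl asks for the certificate after it has read the request, through renegotiation (or post-handshake authentication under TLS 1.3). Setting `SSLVerifyClient require` at the virtual-host level avoids that step when every URL on the host needs a certificate.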