Hi Ali,

You can certainly do what you want with Axis2 using the security module.
You have to make sure that:

1.) Configure the service to expect the requests to be signed

2.) Public key certificates of each client must be imported into the
service's keystore. This is required in verifying the cert after
signature verification.

3.) Now each requester's signature will be verified by the security
module as and when it reaches the service.

4.) At the service you can identify the client that sent the request
using the information available in the message context.

There is a vector of security results available in the message context
by the key WSHandlerConstants.RECV_RESULTS.
The following code snippet shows how to extract the java.security.Principal:

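import java.util.Vector;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.handler.WSHandlerResult;

// get the result Vector from the property
Vector results = (Vector) msgContext.getProperty(WSHandlerConstants.RECV_RESULTS);
if (results == null) {
    System.out.println("No security results!!");
} else {
    for (int i = 0; i < results.size(); i++) {
        WSHandlerResult hResult = (WSHandlerResult) results.get(i);
        String actor = hResult.getActor();
        Vector hResults = hResult.getResults();
        for (int j = 0; j < hResults.size(); j++) {
            WSSecurityEngineResult eResult = (WSSecurityEngineResult) hResults.get(j);
            // the signature result is the one that carries the signer's Principal
            if (eResult.getAction() == WSConstants.SIGN) {
                System.out.println(eResult.getPrincipal().getName());
            }
        }
    }
}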



Thanks,
Ruchith

On 3/16/06, Ali Sadik Kumlali <[EMAIL PROTECTED]> wrote:
> Dear all,
>
> Sorry if this is a strange question, but I'm very new to web service security
> topic.
>
> Let me list my situation and needs step by step:
> 1) I have many clients
> 2) Each client has its own certificate
> 3) Each client sends SOAP messages by signing with its certificate
> 4) I use Axis2 and WS-Security extensions
> 5) I need to recognize each sender uniquely and verify the message according
> to the sender's own certificate.
> 6) AFAIK, it's not necessary to use Username-token profile if I verify each
> message with sender's certificate.
>
> Some of the items seem very odd. If you believe I'm going the correct
> way, please tell me how to build these up with Axis2. Otherwise, please let
> me know what kind of approach I should use to handle multiple client
> certificates.
>
> Thanks in advance,
>
> Ali Sadik Kumlali
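Steps 2 and 4 of the reply combined, as an added example that is not part of the original e-mail or of Axis2/WSS4J: it resolves the verified signer's certificate to the alias under which that client's certificate was imported into the service keystore. SignerLookup and clientAlias are hypothetical names; the WSS4J calls assume the same API version as the snippet in the reply, and the caller is assumed to have loaded the service keystore already.

```java
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.X509Certificate;
import java.util.Vector;

import org.apache.axis2.context.MessageContext;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.handler.WSHandlerResult;

/** Added example: hypothetical helper, not part of Axis2 or WSS4J. */
public final class SignerLookup {

    private SignerLookup() { }

    /**
     * Returns the keystore alias of the client whose certificate verified the
     * request signature, or null if the request cannot be tied to exactly one
     * imported client certificate.
     */
    public static String clientAlias(MessageContext msgContext, KeyStore serviceKeystore)
            throws KeyStoreException {
        Vector results = (Vector) msgContext.getProperty(WSHandlerConstants.RECV_RESULTS);
        if (results == null) {
            return null; // no security results: treat the request as unauthenticated
        }
        String alias = null;
        for (int i = 0; i < results.size(); i++) {
            Vector hResults = ((WSHandlerResult) results.get(i)).getResults();
            for (int j = 0; j < hResults.size(); j++) {
                WSSecurityEngineResult eResult = (WSSecurityEngineResult) hResults.get(j);
                if (eResult.getAction() != WSConstants.SIGN) {
                    continue; // only signature results carry the signer's certificate
                }
                X509Certificate cert = eResult.getCertificate();
                // getCertificateAlias matches the exact certificate, not just its subject DN
                String found = (cert == null) ? null : serviceKeystore.getCertificateAlias(cert);
                if (found == null || (alias != null && !alias.equals(found))) {
                    return null; // unknown signer, or signatures from two different clients
                }
                alias = found;
            }
        }
        return alias;
    }
}
```

A null return means the service should reject the request rather than fall back to the subject name printed by the snippet in the reply.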