Hi,
I want to deploy web services based on client authentication. For instance, I want to provide access to a database through a web service and access control is done via SSL certificates and not username and password.
Basically, the client application connects to Axis.
The Axis server will look at the presence (or not) of a client certificate, check the certificate against a CA and if successful will extract some information from the certificate (e.g. DN, OU, EMAIL, etc.).
Then the server will pass this extracted information to the web service itself. The web service will check that the user (identified by its DN for instance) is a valid user and the action of the message will be performed.
I have managed to configure Tomcat to accept client certificates. What I am struggling with is how (what class do I need to change or extend) do I extract the information from the certificate and how do I make this information available to Axis and to the web service itself?
regards,
Arnaud
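
One way to do what the post describes, as an added example that is not part of the original message. It assumes Axis 1.x running behind its servlet in Tomcat with client authentication enabled on the HTTPS connector; the class name `DatabaseService`, the method `whoAmI` and the allow-listed DN are hypothetical, constructed values.

```java
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Set;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;
import javax.servlet.http.HttpServletRequest;
import org.apache.axis.AxisFault;
import org.apache.axis.MessageContext;
import org.apache.axis.transport.http.HTTPConstants;

// Hypothetical Axis 1.x service class (assumption: deployed over the Axis servlet).
public class DatabaseService {
    // Constructed sample allow-list, stored in canonical form so comparison is exact.
    private static final Set<String> ALLOWED_DNS = Collections.singleton(
        new X500Principal("CN=Alice Example, OU=Research, O=Example Org, C=GB")
            .getName(X500Principal.CANONICAL));

    // Returns the client's own certificate, failing closed when none was presented.
    static X509Certificate clientCertificate() throws AxisFault {
        MessageContext ctx = MessageContext.getCurrentContext();
        HttpServletRequest req = ctx == null ? null
            : (HttpServletRequest) ctx.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST);
        // Set by the container once the TLS handshake has validated the chain
        // against the connector's trust store (the CA check).
        X509Certificate[] chain = req == null ? null
            : (X509Certificate[]) req.getAttribute("javax.servlet.request.X509Certificate");
        if (chain == null || chain.length == 0) throw new AxisFault("Client certificate required");
        return chain[0]; // index 0 is the end-entity (client) certificate
    }

    // Reads one attribute (e.g. "OU") from the subject DN; null if absent.
    static String attribute(X509Certificate cert, String type) throws AxisFault {
        try {
            LdapName name = new LdapName(cert.getSubjectX500Principal().getName());
            for (Rdn rdn : name.getRdns())
                if (rdn.getType().equalsIgnoreCase(type)) return rdn.getValue().toString();
            return null;
        } catch (InvalidNameException e) {
            throw new AxisFault("Malformed subject DN", e);
        }
    }

    // Service operation: authorize on the canonical DN before doing any work.
    public String whoAmI() throws AxisFault {
        X509Certificate cert = clientCertificate();
        String dn = cert.getSubjectX500Principal().getName(X500Principal.CANONICAL);
        if (!ALLOWED_DNS.contains(dn)) throw new AxisFault("Not authorized");
        return dn + " (OU=" + attribute(cert, "OU") + ")";
    }
}
```

The DN is only as trustworthy as the CAs in the connector's trust store, so that store should contain just the issuing CA for these clients rather than the JVM's default set.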