Hiya, I'm looking at handling authentication for my web service by using client certificates. From an architectural point of view, what's the cleanest way of getting hold of the certificate information during the request (preferably before the service is invoked), and doing some processing on it?
My first thought is to write a custom Handler and insert it into the processing pipeline - but as Xfire is transport agnostic, I doubt that the servlet context information is presented as part of the message context. Another thought is to subclass or decorate XfireConfigurableServlet and get access to the information that way - is this a feasible route? Just looking for some guidance on the 'correct' way to do this - if this hasn't been tried before then I will of course investigate, and pass back what I find. Thanks, and congratulations on Xfire 1.1, Steve
