I have developed a REST service that uses HTTPS/SSL with client
authentication. I have deployed the service and tested it using client
proxies created with JAXRSClientFactory. I have confirmed that the
authentication is working and that the client can connect to the service etc.
What I am trying to do now is get the client's authentication identity such
that I can make an authorization decision within the service. I have
annotated my REST service implementation using @Context such that both the
javax.ws.rs.core.SecurityContext and org.apache.cxf.jaxrs.ext.MessageContext
get injected. I have validated that both do get injected at runtime. The
problem I am running into is that when I call getUserPrincipal(), it returns
null, when I am expecting the client's DN. In addition, when I call
getAuthenticationScheme(), it returns "Unknown scheme", when I am expecting
"CLIENT_CERT_AUTH". Any ideas on what I might be doing wrong? Thanks in
advance.
--Steve
Stephen Langella
Inventrio
545 Metro Place South, Suite 475
Dublin, OH 43017
Phone: (614) 389-2795 x102
Fax: (614) 522-6249
Email: [email protected]
http://www.inventrio.com
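
An added example, not part of the original post and not code from the CXF project: one way to read the verified client certificate directly from the injected MessageContext and base the authorization decision on its subject DN. It assumes the service runs on a servlet-based HTTP transport that populates the standard `javax.servlet.request.X509Certificate` request attribute after the TLS handshake; the resource path, class name and allow-listed DN are hypothetical.

```java
import java.security.cert.X509Certificate;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import org.apache.cxf.jaxrs.ext.MessageContext;

@Path("/records") // hypothetical resource path
public class RecordsResource {

    // Servlet-spec attribute holding the peer certificate chain (assumed to be set by the transport).
    private static final String CERT_ATTR = "javax.servlet.request.X509Certificate";

    // Constructed allow-list. X500Principal.equals() compares canonical DNs,
    // so case and spacing differences in the string form do not matter.
    private static final Set<X500Principal> ALLOWED =
            Set.of(new X500Principal("CN=client1,OU=Demo,O=Example,C=US"));

    @Context
    private MessageContext messageContext;

    @GET
    public Response list() {
        X500Principal subject = clientSubject(messageContext.getHttpServletRequest());
        if (subject == null) {
            // No client certificate visible to the service: fail closed.
            return Response.status(Response.Status.UNAUTHORIZED).build();
        }
        if (!ALLOWED.contains(subject)) {
            return Response.status(Response.Status.FORBIDDEN).build();
        }
        return Response.ok("authorized as " + subject.getName()).build();
    }

    // Returns the subject of the client's own certificate (first in the chain), or null.
    static X500Principal clientSubject(HttpServletRequest request) {
        if (request == null) {
            return null; // not running on a servlet-based transport
        }
        Object attr = request.getAttribute(CERT_ATTR);
        if (!(attr instanceof X509Certificate[]) || ((X509Certificate[]) attr).length == 0) {
            return null;
        }
        return ((X509Certificate[]) attr)[0].getSubjectX500Principal();
    }
}
```

The subject is trustworthy here only because the TLS layer has already validated the chain against the server's trust store; the code identifies the caller, it does not re-verify the certificate.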