Hi
On 19/02/12 23:50, pdread wrote:
Hi
My company has an App that uses http://:8080 but under the covers redirects
to https://8443 where
the cert is grabbed and put in a session object, then its redirected back to
http://8080. They do this
to force the browser to provide the cert but they don't want the https
connection. They are not using cxf.
Now I must create REST services with cxf, get the cert, but no use https. Is
there a way in cxf to do what
they did?
I know it is possible to grab the (client) certificate from the current
CXF message like this:
import org.apache.cxf.security.transport.TLSSessionInfo;
...
private Certificate[] getTLSCertificates(Message message) {
TLSSessionInfo tlsInfo = message.get(TLSSessionInfo.class);
return tlsInfo != null ? tlsInfo.getPeerCertificates() : null;
}
but that works for a 2-way TLS only.
Can you clarify please what exactly do you mean by "get the cert but no
use https"...Where do you expect to get the certificate from
thanks, Sergey
Thanks
Paul
--
View this message in context:
http://cxf.547215.n5.nabble.com/http-https-http-and-REST-tp5497801p5497801.html
Sent from the cxf-user mailing list archive at Nabble.com.
