Hi, Do you use SOAP (JAX-WS) or Rest (JAX-RS) call? In case of SOAP recommended way is using WS-Policy for X509 authentication and get authenticated user principles (X509 CN) from SecurityContext for the authorization.
Regards, Andrei. > -----Original Message----- > From: Xu HongBo(徐洪波) [mailto:[email protected]] > Sent: Donnerstag, 20. November 2014 05:11 > To: [email protected] > Subject: How to authorize the client only use Certificate? > > Hi: > I want to only use a X509 Certificate to identify a client, and > authorize > it without username-token . > > I have already know how to signature the client using CXF, and at > service side, the CXF will verify the signature using the client's > X509Certificate > automatically. > > But I don't know how can I read the client's X509 Certificate's content > (or the CN field's name of certificate) at the service side. Does CXF provide > some API/SPI , I could use it to get the client's certificate? > > Thanks for any suggestion >
