Hi,
Using CXF for JAX-RS, we accomplished certificate-based authentication by
setting a key manager in the TLSClientParameters that are attached to the
client's HTTPConduit:
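> import java.security.KeyStore;
> import javax.net.ssl.KeyManager;
> import javax.net.ssl.KeyManagerFactory;
> import org.apache.cxf.configuration.jsse.TLSClientParameters;
> import org.apache.cxf.jaxrs.client.ClientConfiguration;
> import org.apache.cxf.jaxrs.client.WebClient;
> import org.apache.cxf.transport.http.HTTPConduit;
>
> final ClientConfiguration config = WebClient.getConfig(proxy);
>
> final HTTPConduit conduit = (HTTPConduit) config.getConduit();
>
> // Key store holding the client certificate and its private key
> final KeyStore ks = createKeystoreAndImportCertificate();
> final KeyManagerFactory keyManagerFactory =
>     KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
> keyManagerFactory.init(ks, "keyStorePassword".toCharArray());
> final KeyManager[] keyMgrs = keyManagerFactory.getKeyManagers();
>
> // Reuse the conduit's TLS parameters if it already has some
> TLSClientParameters tlsClientParameters = conduit.getTlsClientParameters();
> if (tlsClientParameters == null)
> {
>     tlsClientParameters = new TLSClientParameters();
> }
> tlsClientParameters.setKeyManagers(keyMgrs);
>
> conduit.setTlsClientParameters(tlsClientParameters);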
Good luck
> Sent: Thursday, 20 November 2014 at 05:10
> From: "Xu HongBo(徐洪波)" <[email protected]>
> To: "[email protected]" <[email protected]>
> Subject: How to authorize the client only use Certificate?
>
> Hi:
> I want to use only an X509 certificate to identify a client, and
> authorize it without a username token.
>
> I already know how to sign on the client using CXF, and on the
> service side CXF will verify the signature using the client's
> X509Certificate automatically.
>
> But I don't know how I can read the content of the client's X509 certificate
> (or the CN field of the certificate) on the service side. Does CXF provide
> some API/SPI that I could use to get the client's certificate?
>
> Thanks for any suggestions
>
>
>
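An added example, not part of the original thread and not CXF code: once a service holds the client's X509Certificate, the CN the question asks about can be read from the subject DN with the JDK's own DN parser rather than by splitting the string on commas. The class name SubjectCn and the sample subjects are assumptions made for illustration; how the service obtains the certificate is outside this example.

```java
import java.util.List;
import java.util.Optional;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

// Hypothetical helper class for illustration; uses only JDK classes.
public class SubjectCn {

    /** Returns the most specific CN of a subject DN, or empty if there is none. */
    static Optional<String> commonName(X500Principal subject) {
        try {
            // The RFC 2253 form escapes special characters; LdapName undoes that per RDN.
            LdapName dn = new LdapName(subject.getName(X500Principal.RFC2253));
            List<Rdn> rdns = dn.getRdns();
            // getRdns() lists the right-most RDN first, so walk backwards
            // to meet the left-most (most specific) RDN first.
            for (int i = rdns.size() - 1; i >= 0; i--) {
                // toAttributes() also covers multi-valued RDNs such as CN=a+UID=b.
                Attribute cn = rdns.get(i).toAttributes().get("CN");
                if (cn != null && cn.get() instanceof String) {
                    return Optional.of((String) cn.get());
                }
            }
            return Optional.empty();
        } catch (NamingException e) {
            // Unparseable subject: treat as "no identity", never as a match.
            return Optional.empty();
        }
    }

    public static void main(String[] args) {
        // Constructed sample subjects; in a service the input would be
        // clientCert.getSubjectX500Principal().
        X500Principal plain = new X500Principal("CN=client1, O=Example, C=DE");
        X500Principal escaped = new X500Principal("CN=Smith\\, John, O=Example, C=DE");
        X500Principal noCn = new X500Principal("O=Example, C=DE");

        System.out.println(commonName(plain));
        System.out.println(commonName(escaped));
        System.out.println(commonName(noCn));
    }
}
```

The second sample has an escaped comma inside the CN, which a split on "," would cut in half; the third has no CN, so an authorization check must handle the empty result as a denial.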