I think I figured that out myself actually. Setting
org.ops4j.pax.web.ssl.clientauthwanted = true
should enable two-way SSL if the client has anything to send.
At least that is what I am hoping. Does anyone have any experience about
whether this is a correct assumption?
If that is correctly understood, I can just reject all calls without a
valid client cert in that specific endpoint.
On 16 Sep 2016 8:45 p.m., "Martin Nielsen" <mny...@gmail.com> wrote:
> That looks very much like what I would need. The only issue is that I
> will need 2way ssl for only a select few endpoints. It looks to me like the
> pax web configuration is global. Is that right?
> On 16 Sep 2016 10:21, "Christian Schneider" <ch...@die-schneider.net>
>> I am not sure about reading the client certificate in an interceptor but
>> that part should be for the most part unrelated to
>> OSGi. Maybe you can ask that as a separate question so people without
>> OSGi knowledge tune in.
>> On 16.09.2016 08:42, Martin Nielsen wrote:
>>> Hello everyone.
>>> I have a question about using CXF in an OSGi container. More specifically
>>> using it via Declarative Services.
>>> I need to create a REST endpoint, that is secured by 2way SSL, as well as
>>> an interceptor which can read the incoming client certificate after the
>>> handshake in order to perform authentication inside the application.
>>> But how do I do this? I found a demo to make CXF register a component as
>>> rest service here. http://cxf.apache.org/dosgi-ds-demo-page.html
>>> But I still can't find resources on how to do the 2way ssl part.
>>> I know I need to set up trust and keystores on the HTTPConduit, but I have
>>> no idea how or where to do that in an OSGi environment.
>>> I am using Karaf for the OSGi container, if that has any relevance.
>>> Thank you in advance
>> Christian Schneider
>> Open Source Architect
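
Added example, not code from the thread or from CXF/Pax Web: with org.ops4j.pax.web.ssl.clientauthwanted = true the handshake also succeeds without a client certificate, so the endpoints that need one have to reject such calls themselves. A JAX-RS 2.0 filter can do that per endpoint. It assumes CXF runs over the servlet transport so HttpServletRequest can be injected; the names RequireClientCertFilter and ClientCertRequired and the allow-listed subject are hypothetical.

```java
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.NameBinding;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;

@Provider
@RequireClientCertFilter.ClientCertRequired
public class RequireClientCertFilter implements ContainerRequestFilter {

    /** Hypothetical marker: annotate only the resource classes/methods that need a client cert. */
    @NameBinding
    @Retention(RetentionPolicy.RUNTIME)
    @Target({ElementType.TYPE, ElementType.METHOD})
    public @interface ClientCertRequired {}

    // Standard Servlet API attribute holding the chain the client sent in the TLS handshake.
    private static final String CERT_ATTR = "javax.servlet.request.X509Certificate";
    // Constructed sample subject in RFC 2253 form; replace with the real allow-list.
    private static final Set<String> ALLOWED =
            Collections.singleton("CN=example-client,O=Example,C=DK");

    @Context
    private HttpServletRequest request;

    @Override
    public void filter(ContainerRequestContext ctx) {
        X509Certificate[] chain = (X509Certificate[]) request.getAttribute(CERT_ATTR);
        // "wanted" (not "needed") means the attribute is absent when no cert was sent.
        if (chain == null || chain.length == 0) {
            ctx.abortWith(Response.status(Response.Status.FORBIDDEN).build());
            return;
        }
        // chain[0] is the client's own certificate; authenticate on its subject.
        String subject = chain[0].getSubjectX500Principal().getName();
        if (!ALLOWED.contains(subject)) {
            ctx.abortWith(Response.status(Response.Status.FORBIDDEN).build());
            return;
        }
        ctx.setProperty("client.cert.subject", subject); // available to the resource method
    }
}
```

Endpoints without the marker annotation are not touched by the filter, so they keep accepting clients that present no certificate.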