I wrote a Web Service server using the Sun Ws implementation and I used an HttpsServer for publication (TLS mutual authentication).

    httpServer=HttpsServer.create(...);
    ssl=SSLContext.getInstance("TLS");
    ...
    ssl.init(keyFactory.getKeyManagers(),trustFactory.getTrustManagers(),new SecureRandom());
    configurator=new HttpsConfigurator(ssl) {
        public void configure (HttpsParameters params)
        {
            SSLContext context;
            SSLParameters sslparams;
            context=getSSLContext();
            sslparams=context.getDefaultSSLParameters();
            sslparams.setNeedClientAuth(true);
            params.setSSLParameters(sslparams);
        }
    };
    ((HttpsServer)httpServer).setHttpsConfigurator(configurator);
    ...
    endPoint=getSunWsProvider().createEndPoint(...);
    httpContext=httpServer.createContext(...);
    endPoint.publish(httpContext);
    httpServer.start();
    ...

Everything works fine. When the implementation of the server side of the Web Service is executed by a client, I would like to know which client is executing the code (to manage rights). Knowing that each client gets its own certificate, how can I get the client certificate used for the TLS negotiation before the Web Service call? (I would prefer to find a solution based on the client certificate analysis instead of adding identification information to each Web Service call).
Thank you for your help.
getUserPrincipal() give? (It's in HttpServletRequest.) – Estus
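
One way to read the certificate on the server side of the setup in the question, as an added example that is not part of the original post: a com.sun.net.httpserver.Filter attached to the HttpContext takes the peer certificate from the TLS session and holds it for the duration of the request. The class name `ClientCertFilter` and its accessor are hypothetical, and the sketch assumes the endpoint handles the request on the same thread that runs the filter chain (no Executor set on the endpoint).

```java
import com.sun.net.httpserver.Filter;
import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpsExchange;
import java.io.IOException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLPeerUnverifiedException;

/** Hypothetical helper: exposes the TLS client certificate of the current request. */
public class ClientCertFilter extends Filter {
    // Assumption: the web service code runs on the thread that runs this filter.
    private static final ThreadLocal<X509Certificate> CURRENT = new ThreadLocal<>();

    /** Called from the web service implementation; returns null outside a request. */
    public static X509Certificate currentClientCertificate() {
        return CURRENT.get();
    }

    @Override
    public void doFilter(HttpExchange exchange, Chain chain) throws IOException {
        X509Certificate leaf = null;
        if (exchange instanceof HttpsExchange) {
            try {
                // Index 0 is the client's own certificate; the rest is its issuer chain,
                // already validated by the trust managers given to SSLContext.init().
                Certificate[] peerChain =
                        ((HttpsExchange) exchange).getSSLSession().getPeerCertificates();
                if (peerChain.length > 0 && peerChain[0] instanceof X509Certificate) {
                    leaf = (X509Certificate) peerChain[0];
                }
            } catch (SSLPeerUnverifiedException e) {
                // The client presented no certificate; leaf stays null.
            }
        }
        if (leaf == null) {
            // Fail closed: never reach the endpoint without an authenticated identity.
            exchange.sendResponseHeaders(403, -1);
            exchange.close();
            return;
        }
        CURRENT.set(leaf);
        try {
            chain.doFilter(exchange);
        } finally {
            CURRENT.remove(); // server threads are pooled; do not leak identity across requests
        }
    }

    @Override
    public String description() {
        return "Exposes the TLS client certificate to the endpoint";
    }
}
```

Register it with `httpContext.getFilters().add(new ClientCertFilter())` before `endPoint.publish(httpContext)`; the service implementation can then base its rights check on `ClientCertFilter.currentClientCertificate().getSubjectX500Principal()`.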