Intercepting and forwarding client certificate to webservice

Posted by 旧城冷巷雨未停 on 2019-12-24 11:54:06

Question


I have a web application (GWT) that is running on a Tomcat application server. This web application consumes several web services (login, application data transfer, queries, etc.). The web service client on Tomcat is implemented as an Apache Axis2 web service client.

For user logon I provide a form in the web application with username and password. This data is transmitted via web service to authenticate the user.

It is planned to change the whole authentication mechanism to client certificate based authentication. The authentication should still be done on the web service provider side. So my system has three relevant components: the web client, the Tomcat application server and the web service provider.

Every user of the application has its own private client certificate (PKI Token, X.509- Auth-Cert). When the user connects to the web application his certificate is requested.

How can I forward the client certificates for use in the web services? (The tomcat will not be responsible for authentication).

1.) Is there a way to intercept the request and extract the client certificates before an authentication error occurs? I found some information about Servlet Filters, which sounds really good, but I’m not sure where to implement it to intercept the certificates before they are verified against Tomcat's keystore.

2.) If it is possible, how can I then pass the client certificate to the web service?

Thank you for reading


Answer 1:


No, not really. The real piece used in authentication is the private key associated with the certificate, not just the certificate itself. And, typically, you have no way of retrieving that from the web client. Therefore, you cannot really pass through the credentials you receive from a web client on to the web service client. The certificate itself is readily available, but is useless for authentication without the corresponding private key.
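The point made in the answer, as an added example that is not part of the original answer: a simplified stand-in for the proof-of-possession step of TLS client authentication, using only the JDK. The class name, the helper methods and the key pair are constructed for illustration, and the public key stands in for the certificate. The proof the browser produced for Tomcat verifies on that connection but is rejected when replayed to the web service, which issues its own challenge.

```java
import java.security.*;

// Added illustration: simplified model of the signature a TLS client must produce per connection.
public class CertForwardingDemo {

    // The client proves possession of the private key by signing the connection's challenge.
    static byte[] sign(PrivateKey key, byte[] challenge) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(key);
        s.update(challenge);
        return s.sign();
    }

    // The verifying side needs only the public key carried in the certificate.
    static boolean verify(PublicKey certKey, byte[] challenge, byte[] proof)
            throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initVerify(certKey);
        s.update(challenge);
        return s.verify(proof);
    }

    // Each connection gets fresh random data, so a proof is bound to one connection.
    static byte[] freshChallenge() {
        byte[] c = new byte[32];
        new SecureRandom().nextBytes(c);
        return c;
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample key pair; the public half stands in for the X.509 certificate.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(256);
        KeyPair user = gen.generateKeyPair();

        // Connection 1: browser -> Tomcat. The browser holds the private key and signs.
        byte[] tomcatChallenge = freshChallenge();
        byte[] proof = sign(user.getPrivate(), tomcatChallenge);
        System.out.println("browser -> Tomcat accepted: "
                + verify(user.getPublic(), tomcatChallenge, proof));

        // Connection 2: Tomcat -> web service. Tomcat has only the certificate and the
        // old proof; the web service issues its own challenge for this connection.
        byte[] serviceChallenge = freshChallenge();
        System.out.println("Tomcat -> service accepted: "
                + verify(user.getPublic(), serviceChallenge, proof));
    }
}
```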



Source: https://stackoverflow.com/questions/14650008/intercepting-and-forwarding-client-certificate-to-webservice
