On the server side, using the standard J2EE authentication scheme, you just set up a trust certificate store, with the accepted client certificates, and configure your web application to use it for authentication. I did it with Tomcat (alone) or Tomcat+Jonas without any problem for simple web applications, not for web services. In a plain web service server implementation, i don't know how you can retrieve the client subject. I had always plan to use EJB endpoint web services to let the application server forward me the user's identity by the EJB context, using HTTP or certificate authentication scheme.
I don't know how do it on the client side, since you must first activate SSL client authentication (changing the socket factory to use SSL and providing a defined certificate), and tell the web service client to use this transport. I suppose you should look first for help about simple SSL web service client, and then extend the solution to activate mutual authentication and provide the client certifcate. I'll also be waitaing for an idea for such a solution. >>> -----Message d'origine----- >>> De : Joaco [mailto:[EMAIL PROTECTED] >>> Envoyé : vendredi 4 février 2005 16:38 >>> À : [EMAIL PROTECTED] >>> Objet : Client Certificates in Axis >>> >>> >>> Hi >>> I need Client Certificate, to authentic a Client. >>> I know how to set up a certificate in Server side to authentic a Server >>> , but I don´t know how to use a client certificate to authentic Client. >>> It is possible in axis ? >>> There are an other options to authentic a Client but not whit password ? >>> Someone can help me pls? >>> >>> Thanks >>> Joaquin >>> >>> >>>
