Hi Stephen Not quite what you want but maybe you could do something like this inside an interceptor rather than inside your service.
TLSSessionInfo tlsSessionInfo = message.put(TLSSessionInfo.class); Certificate[] peerCerts = tlsSessionInfo.getPeerCertificates(); ... check the peer certificates and authorize based on this Regards Eamonn > From: stephen.lange...@inventrio.com > To: users@cxf.apache.org > Subject: Determining Caller's Identity > Date: Tue, 18 Aug 2009 14:37:12 -0400 > > I have written and Apache CXF Web Service (WSDL First), inside the > service I want to enforce authorization based on the identity of the > client that called the service. I wanted to know if there was an API > call I can make from the service implementation to obtain the client > identity. For example if the client authenticate over HTTPS with a > client certificate. > > --Steve > > Stephen Langella > Co-Founder > Inventrio, LLC > www.inventrio.com > > stephen.lange...@inventrio.com > > > > > > _________________________________________________________________ See all the ways you can stay connected to friends and family http://www.microsoft.com/windows/windowslive/default.aspx