I think I figured that out myself actually. Setting org.ops4j.pax.web.ssl.clientauthwanted = true Should enable two way ssl if the client has anything to send. At least that is what I am hoping. Does anyone have any experience about whether this is a correct assumption?
If that is correctly understood, I can just reject all calls without a valid client cert in that specific endpoint. On 16 Sep 2016 8:45 p.m., "Martin Nielsen" <[email protected]> wrote: > That looks very much like what I would need. The only issue is that I > will need 2way ssl for only a select few endpoints. It looks to me like the > pax web configuration is global. Is that right? > > On 16 Sep 2016 10:21, "Christian Schneider" <[email protected]> > wrote: > >> I am not sure about reading the client certificate in an interceptor but >> that part should be for the most part unrelated to >> OSGi. Maybe you can ask that as a separate question so people without >> OSGi knowledge tune in. >> >> Christian >> >> On 16.09.2016 08:42, Martin Nielsen wrote: >> >>> Hello everyone. >>> >>> I have a question about using CXF in an OSGi container. More specifically >>> using it via Declarative Services. >>> >>> I need to create a REST endpoint, that is secured by 2way SSL, as well as >>> an interceptor which can read the incomming client certificate after the >>> handshake in order to perform authentication inside the application >>> itself. >>> >>> But how do i do this? I found a demo to make CXF register a component as >>> a >>> rest service here. http://cxf.apache.org/dosgi-ds-demo-page.html >>> >>> But i still can't resources on how to do the 2way ssl part. >>> I know i need to setup trust and keystores on the HTTPConduit, but i have >>> no idea how or where to do that in an OSGi environment. >>> >>> I am using Karaf for the OSGi container, if that has any relevance. >>> >>> Thank you in advance >>> >>> -Martin >>> >>> >> >> -- >> Christian Schneider >> http://www.liquid-reality.de >> >> Open Source Architect >> http://www.talend.com >> >>
