On Mon, Jan 22, 2018 at 6:21 PM, vlad.balan <[email protected]> wrote:
> > > 1. I was trying to do authenticate + authorization with only the client > certificate from TLS. > > (as the <login-config>CLIENT-CERT</login-config> does in web.xml for > servlets) > > (tomcat for example takes the Distinguished name from certificate and does > autorization from a simple tomcat-users.xml file where it maps it to roles) > Why not just re-use Tomcat here? You can configure a CXF Jetty endpoint as an alternative for authentication, e.g.: http://cxf.apache.org/docs/jetty-configuration.html http://cxf.apache.org/docs/tls-configuration.html > > 2. from this exact post here > > http://cxf.547215.n5.nabble.com/x-509-security-token- > tp5150380p5485643.html > > i understood that by adding TransportBindging/HttpsToken + a > supportingToken > of typpe X509Token , "Then you would > see the BST in the request" (and then use it but that is another question) > The BST refers to the X.509 SupportingToken Token which is obtained from the WS-Security message properties. Colm. > > And since, as i guessed, TransportBindging/HttpsToken takes its certificate > from conduit > tlsClientParameters, i said to myself that also the SupportingToken will > will also come from tlsClientParameters, because in fact is the same from > TransportBindging/HttpsToken. > > This was the understanding from the above link. > > But as you explained in your response to my post, it seems that a > supportingToken of typpe X509Token comes only from the " client > jaxws:properties " > > > > > > In any case, what i try to do is point 1. > > Thanks a lot. > > > > -- > Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
