Hello everyone, I'm trying to use plain SSL between my web service and a client application. They are both running in GlassFish 2.1.1 and are each in separate domains. The client application is itself a web application, and I have added the JVM option -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as in order to get it to send its certificate to the Web Service.
I've done the importing of the certificates into each other's trust stores and it all works. The problem is that I need to do some things with the client certificate in the Web Service, but calling the getUserPrincipal method of the WebServiceContext that I declared earlier always returns ANONYMOUS.
Why is it doing this, and how can I get back what's in the certificate?
edit: I guess I should mention that I created a CA and created new private keys and certificates, signed by the CA, for both the WS and the client. I added the private keys to their keystores using the same s1as default name, and the new signed certificates plus the CA certificate to their trust stores.
I am protecting the WS with the following rule in web.xml:
<security-constraint>
  <display-name>Constraint1</display-name>
  <web-resource-collection>
    <web-resource-name>Customer</web-resource-name>
    <description/>
    <url-pattern>/basecustomer*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <description/>
    <role-name>WSClient</role-name>
  </auth-constraint>
  <user-data-constraint>
    <description/>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>CLIENT-CERT</auth-method>
  <realm-name>certificate</realm-name>
</login-config>
<security-role>
  <description/>
  <role-name>WSClient</role-name>
</security-role>
And the following in my sun-web.xml:
<security-role-mapping>
  <role-name>WSClient</role-name>
  <group-name>WSClient</group-name>
</security-role-mapping>
And finally, in GlassFish under Configuration -> Security -> Realms -> certificate, I told it to Assign Group: WSClient.
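As an added example (not code from the original post), here is a JAX-WS endpoint that reads the TLS client certificate the container attaches to the servlet request under the Servlet-spec attribute javax.servlet.request.X509Certificate, via the WebServiceContext the post mentions, and shows it side by side with what getUserPrincipal and isUserInRole report for the WSClient role. The class and method names are assumed; the API calls are standard Java EE.

```java
import java.security.Principal;
import java.security.cert.X509Certificate;

import javax.annotation.Resource;
import javax.jws.WebMethod;
import javax.jws.WebService;
import javax.servlet.http.HttpServletRequest;
import javax.xml.ws.WebServiceContext;
import javax.xml.ws.handler.MessageContext;

// Hypothetical endpoint name; only the container APIs used below are real.
@WebService
public class BaseCustomerService {

    @Resource
    private WebServiceContext wsContext;

    // Describes who the container says is calling, taken from the TLS
    // client certificate itself rather than only from the mapped principal.
    @WebMethod
    public String callerIdentity() {
        MessageContext mc = wsContext.getMessageContext();
        HttpServletRequest req =
            (HttpServletRequest) mc.get(MessageContext.SERVLET_REQUEST);

        // Servlet spec: the verified client chain, if one was presented,
        // is exposed under this request attribute.
        X509Certificate[] chain =
            (X509Certificate[]) req.getAttribute("javax.servlet.request.X509Certificate");

        if (chain == null || chain.length == 0) {
            // No client certificate was presented on this TLS connection, so
            // CLIENT-CERT authentication cannot have succeeded for this request.
            return "no client certificate on request";
        }

        // chain[0] is the client's own (end-entity) certificate; the rest are its issuers.
        X509Certificate client = chain[0];
        String subject = client.getSubjectX500Principal().getName();
        String issuer = client.getIssuerX500Principal().getName();

        // Compare with what the certificate realm mapped the caller to.
        Principal p = wsContext.getUserPrincipal();
        String principalName = (p == null) ? "ANONYMOUS" : p.getName();
        boolean inRole = wsContext.isUserInRole("WSClient");

        return "subject=" + subject + "; issuer=" + issuer
             + "; principal=" + principalName + "; WSClient=" + inRole;
    }
}
```

If the attribute is present but the principal is still ANONYMOUS, the TLS handshake succeeded but the certificate realm's mapping did not apply to that request, which narrows the problem to the realm and role configuration rather than to the trust stores.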