I have a number of WebMethods using JAX-WS, and every method should be authenticated using a client certificate. Therefore I need to read the DN from the client certificate and other information which should be used in the authorisation process.
The sample method looks like this:
    @WebMethod
    public String sampleMethod(
            @XmlElement(required = true)
            @WebParam(name="attribute") String one,
            @XmlElement(required = true)
            @WebParam(name="attribute2") String two) throws Exception {
        String message = null;
        // Repeated in every method: read the DN, then authorise it
        String clientDN = getClientDN();
        if (isAuthorized(clientDN)) {
            // Do something
        }
        return message;
    }

    @WebMethod
    public String sampleMethod2(
            @XmlElement(required = true)
            @WebParam(name="attribute") String one,
            @XmlElement(required = true)
            @WebParam(name="attribute2") String two) throws Exception {
        String message = null;
        String clientDN = getClientDN();
        if (isAuthorized(clientDN)) {
            // Do something
        }
        return message;
    }

    // Reads the subject DN of the TLS peer from the current HTTPS exchange
    private String getClientDN() {
        HttpsExchange exchange = (HttpsExchange) context.getMessageContext().get(HTTPS_EXCHANGE);
        SSLSession sslsession = exchange.getSSLSession();
        try {
            String name = sslsession.getPeerPrincipal().getName();
            log.debug("client DN: " + name);
            return name;
        } catch (SSLPeerUnverifiedException e) {
            e.printStackTrace();
        }
        // No verified peer certificate: the caller receives null
        return null;
    }
So in this case I need to get the client certificate DN in every WebMethod defined, and this duplicates the code.
I was looking into handler classes, but I don't see a way to do it with them because the handler is basically independent from the service class.
Is there a way to do authorisation globally for the whole web service? Also, I would need to pass the client DN into the service after successful authorisation to work with it.
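
One way a handler can cover both needs raised above, shown as an added example that is not part of the original post: a JAX-WS `SOAPHandler` that checks the client DN once for every inbound request and passes it to the service through an APPLICATION-scoped message-context property. The `HTTPS_EXCHANGE` key value, the `CLIENT_DN` property name and the allow-list are assumptions, and the example assumes the runtime exposes the HTTPS exchange to handlers the same way it does to the service.

```java
import java.util.Collections;
import java.util.Set;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.xml.namespace.QName;
import javax.xml.ws.WebServiceException;
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.handler.soap.SOAPHandler;
import javax.xml.ws.handler.soap.SOAPMessageContext;
import com.sun.net.httpserver.HttpsExchange;

public class ClientCertAuthHandler implements SOAPHandler<SOAPMessageContext> {
    // Assumption: the key behind the question's HTTPS_EXCHANGE constant; adjust to your runtime.
    static final String HTTPS_EXCHANGE = "com.sun.xml.ws.http.exchange";
    // Hypothetical property name under which the verified DN is handed to the service.
    public static final String CLIENT_DN = "example.auth.clientDN";
    // Constructed allow-list standing in for the real isAuthorized() lookup.
    private static final Set<String> ALLOWED =
            Collections.singleton("CN=constructed-client,O=Example");

    @Override
    public boolean handleMessage(SOAPMessageContext ctx) {
        if (Boolean.TRUE.equals(ctx.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY))) {
            return true; // responses need no check
        }
        Object exchange = ctx.get(HTTPS_EXCHANGE);
        if (!(exchange instanceof HttpsExchange)) {
            throw new WebServiceException("TLS with a client certificate is required");
        }
        String dn;
        try {
            dn = ((HttpsExchange) exchange).getSSLSession().getPeerPrincipal().getName();
        } catch (SSLPeerUnverifiedException e) {
            // Fail closed: without a verified peer, no request reaches any @WebMethod.
            throw new WebServiceException("Client certificate not verified", e);
        }
        if (!ALLOWED.contains(dn)) {
            throw new WebServiceException("Client not authorised");
        }
        ctx.put(CLIENT_DN, dn);
        // APPLICATION scope makes the property visible through WebServiceContext.
        ctx.setScope(CLIENT_DN, MessageContext.Scope.APPLICATION);
        return true;
    }

    @Override public boolean handleFault(SOAPMessageContext ctx) { return true; }
    @Override public void close(MessageContext ctx) { }
    @Override public Set<QName> getHeaders() { return Collections.emptySet(); }
}
```

The handler is attached to the service class with `@HandlerChain(file = "handlers.xml")` (the file name is an assumption), after which each method reads the DN with `context.getMessageContext().get(ClientCertAuthHandler.CLIENT_DN)`. The DN is compared as an exact string here, so the allow-list entries must match the format returned by `getPeerPrincipal().getName()`.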