I am using JBoss 4.2.3 and am invoking a certificate-based login service over an SSL connection.
The client provides a certificate when setting up the SSL connection and it is supposed to provide the same certificate as an argument to the login service.
My difficulty is that I cannot see a way to determine from an invocation received by the server which SSL socket was the source of that invocation. This means I have no way to check whether the certificate that was given by the client to set up the SSL connection is the same one as is passed to the login invocation.
Has anyone tackled this kind of problem before? Did you find a solution?
Thanks in advance.
Sorry for the delay.
There is a way to access sockets by registering a socket creation listener. See Section 220.127.116.11 "Socket creation listeners" of the Remoting Guide: http://http://docs.jboss.org/jbossremoting/2.5.4.SP3/guide/html/ .
Hope that helps.
Thank you for your reply.
We have already tried using a handshake complete listener to check the certificate offered by a client during SSL handshake. Nevertheless, we cannot see a way to determine which SSL connection is the source of an invocation received by the server. This does not seem to be an issue for later versions of JBoss Remoting.because we could then use invocationRequest.getRequestPayload().get(Remoting.CLIENT_ADDRESS).
We do anticipate upgrading to a later version of JBoss in the near future, so perhaps we will need to revisit this problem when that upgrade is complete.
|Retrieving data ...|