Details
-
Feature Request
-
Resolution: Done
-
Major
-
jbossws-1.2.1, jbossws-2.0.1
-
None
Description
Let's say that Bob runs the web service and Alice has a client that uses the web service. Now John would also like to use the web service. John would create:
johns.keystore
----------------
john - keyPair (pub+priv)
bob - trustedCertEntry (pub)
johns.truststore
----------------
john - trustedCertEntry (just john's public key)
In addition, Bob's keystore would be updated to:
bobs.keystore
----------------
bob - keyPair (public + private key)
alice - trustedCertEntry (just alice's public key)
john - trustedCertEntry (just john's public key)
This does not pose a problem for encrypting the request from the client side since both Alice and John use Bob's public key to encrypt the message, and Bob of course uses his pirvate key to decrypt the message. But how is the response message encrypted?
JBossWS apparently does not support multiple clients because the certificate used by the server to encrypt the response is specified statically in jboss-wsse-server.xml.