users@jersey.java.net

security and auditing based on client SSL certificates

From: Gabor Szokoli <szocske_at_gmail.com>
Date: Sat, 29 Mar 2008 07:50:50 +0100

Hi,

Might be more of an Application Server question than a Jersey
question, but you guys can probably at least help me phrase that
question propery :-)

I have implemented a simple web service with jersey, deploy it to
GlassFish with the ServletContainer.
I'd like to completely restrict access to the web service to clients
with approved SSL certificates. (This is purely a Glassfish issue I
assume)
Furthermore, my resource class should be aware of some identifyer of
the client. (audit logs must be produced about every resource access)

Where do I start looking?


Gabor Szokoli