I am new to implementing security features on web applications. I have developed a new web service using jdev1012 and deployed it in OAS 10.1.2. It's working fine according to the business requirements, but I need to implement client-cert authentication to make the web service available only to those who have a client certificate.
My server details are:
Oracle Application Server 10g Release 2 (10.1.2)
The server certificate is in place and SSL mode has already been enabled. I am able to access my web service through https://<mydomain.com>/myws/TreqWS, as well as able to see the WSDL file through https://<mydomain.com>/myws/TreqWS?WSDL.
I tried to include the following in my web.xml file as part of implementing CLIENT-CERT authentication.
<realm-name>WSCollection</realm-name> <!-- am not sure about this realm-name and its purpose -->
It is not working as expected, though I have restarted my oc4j container after including this content in the web.xml file. I.e., I am able to invoke the web service through my sample Java client program, though I do not have a client certificate/keystore.
I believe I am missing something. Can anyone help me in this regard to implement CLIENT-CERT authentication successfully?