How to implement a different server-side keystore mechanism?
Turns out there is a whole different problem layer I didn't grasp last week.
So we want to use secure web services with Mutual Certificates Security. The server is supposed to issue time-limited certificates for the clients on the fly.
I was told that this on-the-fly part was a problem because applications in production settings are not supposed to dynamically add trusted persons or modify the keystore file.
Therefore the idea was to plug in our own server-side keystore mechanism that doesn't look for the certificate in a keystore file but in our "keystore database".
1) Is it possible to plug in this functionality? (We use GlassFish v3.1 b33.)
2) How do I access, from within the web service, the certificate being used, so that I can retrieve the user currently accessing the web service? (This should just be a call to our "keystore database" once I have the client, shouldn't it?)