tags:

views:

101

answers:

2
Q: 

How to read the user or identifier supplied in ws-security

I am using latest Apache CXF to create a webservice. I have configured ws-security using org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor. In my passwordCallbackClass I can access the user or identifier by calling getIdentifier() method of org.apache.ws.security.WSPasswordCallback class.

I am also using spring for the whole setup.

I would like to know how to access the identifier any where else in the code? I could think of using ThreadLocal in my passwordCallbackClass? Another way is define to an identifier property in all my service method parameters but that would mean client need to pass the identifier twice, one in the security block and again in the service call?

EDIT----------------------------------------------------------------------------------------

My service class looks like this and I need to read the Identifier in sayHi method.

@WebService(endpointInterface = "com.webservice.HelloWorld")
public class HelloWorldImpl implements HelloWorld {
public String sayHi(String text) {
return "Hello " + text;
}
}

My Password callback method is this where I can get the Identifier.

public void handle(Callback[] callbacks) throws IOException,UnsupportedCallbackExceptio {
WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
pc.getIdentifier();
}

+1  A: 

Define "any where else in the code"? Are you talking about in other interceptors? In your server implementation? Are you using JAXWS or the simple frontend? Etc...

If using jaxws and you want it in your server impl, the JAXWS WebServiceContext has a getUserPrincipal() method that would just be a principal that WSS4J creates after you validate the user.

Pretty much anywhere else (or even in the server impl using the context), you can do something like:

message.get(SecurityContext.class).getUserPrincipal();

to achieve the same result.

Daniel Kulp  2009-11-12 21:33:27
+1  A: 

I used ThreadLocal in my Password callback method to store the Identifier. I then access the ThreadLocal anywhere in the code to know the identifier.

Bhushan  2009-12-16 02:43:38

related questions

Java Time Zone is messed up
Eclipse on win64
Automate builds for Java RCP for deployment with JNLP
Why are professors or schools picking Java over C++ to teach to students?
Is there a real benefit of using J#?
Public/Popular Websites using JavaServer Faces
Why can't I use a try block around my super() call?
Accessing post variables using Java Servlets
Personal Linux web server
Is this really widening vs autoboxing?
How can I Java webstart multiple, dependent, native libraries?
Why can't I call toString() on a Java primitive?
How do I use Java to read from a file that is actively being written?
What code analysis tools do you use for your Java projects?
IllegalArgumentException or NullPointerException for a null parameter?
How do I configure and communicate with a serial port?
What is the best way to parse strings in Java
Getting started with a custom JXTA PeerGroup
Creating a custom button in Java
How to get started "writing" a code coverage tool?
Which Build-/Configuration Management Tool?
What is the difference between an int and an Integer in Java/C#?
What is the meaning of the type safety warning in certain Java generics casts?
How would you access Object properties from within an object method?
Converting CSV File to XML in Java