I found the solution I was looking for:
http://www.unix.org.ua/orelly/java-ent/servlet/ch08_01.htm
Chapter 8.2: Security in a servlet
Michael
Michael Imhof wrote:
>
> Thanks Anthony,
>
> that's exactly what I wanna do. But the problem starts already at
> the first line because "MessageContext.getCurrentMessageContext();" is
> returning <null>!
>
> Do you have an idea why this is <null>?
>
> Michael
>
> PS: The webserver I'm using is from the apache ofbiz project. There is a
> ofbiz nabble forum but
> I posted the problem here because I think it's more a axis specific
> problem (probably I'm wrong?).
>
>
>
> Anthony Bull wrote:
>>
>>
>> Hi Michael,
>>
>> there are newer ways of doing this, but I haven't gotten around to
>> getting them working (had difficulties....).
>>
>> In your skeleton try the following - it has a deprecated call in it,
>> but it still works with 1.2 and 1.3, so is fine for the time being......
>>
>> // Extract the username token from the soap headers. This uses deprecated
>>
>> // axis-2 methods on WSSecurityEngineResult, which probably need to be replaced
>>
>> // with the newer code, once it is discovered what that code is.
>>
>> private String getUserNameToken() {
>> try {
>> MessageContext messageContext = MessageContext.getCurrentMessageContext();
>>
>> logger.debug( "Method call: getUserNameToken");
>>
>> Vector results = null;
>> if ((results = (Vector) messageContext.getProperty( WSHandlerConstants.RECV_RESULTS)) == null) {
>>
>> logger.debug( "Exceptional return: no security headers in message context");
>>
>> throw new RuntimeException( "No security headers available in message context!!");
>>
>> }
>> else {
>> logger.debug( "results size = " + results.size());
>>
>> for (int i=0; i<results.size(); i++) {
>>
>> // Get hold of the WSHandlerResult instance.
>>
>> WSHandlerResult rResult = (WSHandlerResult) results.get( i);
>>
>> Vector wsSecEngineResults = rResult.getResults();
>>
>> logger.debug( "wsEngineResults.size = " + wsSecEngineResults.size());
>>
>> for ( int j=0; j<wsSecEngineResults.size(); j++) {
>>
>> //Get hold of the WSSecurityEngineResult instance
>>
>> WSSecurityEngineResult engineResult = (WSSecurityEngineResult) wsSecEngineResults.get( j);
>>
>> logger.debug( "engineResult.getPrincipal() = " + engineResult.getPrincipal());
>>
>> if ( engineResult.getPrincipal() instanceof WSUsernameTokenPrincipal) {
>>
>> // Extract the principal.
>>
>> WSUsernameTokenPrincipal principal = (WSUsernameTokenPrincipal) engineResult.getPrincipal();
>>
>> //Get user/pass
>>
>> logger.debug( "Normal return: getUserNameToken result = " + principal.getName());
>>
>> return principal.getName();
>>
>> //String passwd = principal.getPassword();
>>
>> }
>> }
>> }
>> }
>> throw new RuntimeException( "Username security header not available in message context!!");
>>
>> }
>> catch ( RuntimeException e) {
>> // Log any exceptions before rethrowing them, as axis2 doesnt tend to
>>
>> // log message receiver errors.
>> logger.error( e.getMessage(), e);
>> throw e;
>> }
>> }
>>
>> Michael Imhof wrote:
>>
>> We're using Axis Webservices and they are secured by basic
>> authentication.
>>
>> Now, I would to access the user/password information of the basic
>> authentication
>> (this information must be send to the server anywhere).
>>
>> How can I access this information.
>>
>> Regards,
>>
>> Michael
>>
>>
>>
>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>>
>
>
--
View this message in context:
http://www.nabble.com/Accessing-authentication-information-tf4481853.html#a12795377
Sent from the Axis - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
