While finding the username wasn't as hard as first thought, it looks like
finding the PASSWORD is. It doesn't seem to be in the HttpServletContext
anywhere, nor can I find it in the MessageContext anywhere.
This piece of code:
/* Find out who the user is saying they are in the HTTP session. */
| MessageContext msgContext = wsContext.getMessageContext();
| HttpServletRequest servletRequest = (HttpServletRequest)
msgContext.get(MessageContext.SERVLET_REQUEST);
| String username = servletRequest.getRemoteUser();
|
| Enumeration hdrs = servletRequest.getHeaderNames();
| for (; hdrs.hasMoreElements() ;)
| System.out.println("Header: " + hdrs.nextElement());
|
| String pathInfo = servletRequest.getPathInfo();
| String queryStr = servletRequest.getQueryString();
| String requestURI = servletRequest.getRequestURI();
| StringBuffer requestURL = servletRequest.getRequestURL();
| Principal p = servletRequest.getUserPrincipal();
| String sessionID = servletRequest.getRequestedSessionId();
|
| System.out.println("Path Info: " + pathInfo);
| System.out.println("Query String: " + queryStr);
| System.out.println("Request URI : " + requestURI);
| System.out.println("Request URL : " + requestURL.toString());
| System.out.println("Principal : " + p.toString());
| System.out.println("Session ID : " + sessionID);
|
| HttpSession session = servletRequest.getSession();
| Enumeration attrs = session.getAttributeNames();
| for (; attrs.hasMoreElements() ;)
| System.out.println("Session Attribute: " + attrs.nextElement());
produces the following output, which doesn't show any sign of the password
property:
14:49:57,472 INFO [STDOUT] Header: authorization
| 14:49:57,472 INFO [STDOUT] Header: soapaction
| 14:49:57,472 INFO [STDOUT] Header: content-type
| 14:49:57,472 INFO [STDOUT] Header: jboss-remoting-version
| 14:49:57,472 INFO [STDOUT] Header: user-agent
| 14:49:57,472 INFO [STDOUT] Header: host
| 14:49:57,472 INFO [STDOUT] Header: accept
| 14:49:57,472 INFO [STDOUT] Header: connection
| 14:49:57,472 INFO [STDOUT] Header: content-length
| 14:49:57,475 INFO [STDOUT] Path Info: null
| 14:49:57,475 INFO [STDOUT] Query String: null
| 14:49:57,476 INFO [STDOUT] Request URI : /Crunch/comp/SubscriberServices
| 14:49:57,476 INFO [STDOUT] Request URL :
https://localhost:8443/Crunch/comp/SubscriberServices
| 14:49:57,476 INFO [STDOUT] Principal : admin
| 14:49:57,476 INFO [STDOUT] Session ID : null
|
Note that there doesn't appear to be anything in the HttpSession either, which
is probably correct though I'm not sure of that at the moment.
Does anyone know where the PASSWORD_PROPERTY set by the client is hiding when
it gets to the Web Services class?
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4123219#4123219
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4123219
_______________________________________________
jboss-user mailing list
[email protected]
https://lists.jboss.org/mailman/listinfo/jboss-user
