Hi all, I'm no security expert..moreover I'm more on the "newbie" side, so please let me know if this question does not make sense.
I've been reading some documentation on WSS4J support on XFire and I seem to understand how it works. Still, I'm not sure how the application code (i.e. web service implementation) can get hold of the Subject object. Is this something XFire does, or it only verifies that the credentials are valid? ( i.e. I need access to the Subject executing the web service inside my components). I also need to propagate this credentials on outbound messages: I've seen Michael Vorburger's blog about propagating using Acegi Security Framework: will this same approach work with other frameworks (i.e. App Servers own) ? Any chance this is part of XFire ? I am currently using BEA Weblogic, so my code needs to be able to do weblogic.security.Security.getCurrentSubject() in order to get the Subject and all it's configured roles. Best Regards Andres B.
