Actually I was able to retrieve the certificate via an Interceptor, on
the handleMessage of the Interceptor; here's what I did:

        // WSS4J stores its processing results on the message under RECV_RESULTS
        Vector result = (Vector) message.getContextualProperty(WSHandlerConstants.RECV_RESULTS);
        for (int i = 0; i < result.size(); i++) {
            WSHandlerResult res = (WSHandlerResult) result.get(i);
            for (int j = 0; j < res.getResults().size(); j++) {
                WSSecurityEngineResult secRes = (WSSecurityEngineResult) res.getResults().get(j);

                // Only results that carry a principal are of interest here
                X500Name principal = (X500Name) secRes.get("principal");
                if (principal != null) {
                    this.setUser(principal.getName());
                    break;
                }
            }
        }

This gives me the principal stored on the certificate, which is enough
for me. I did not try your method 'cause I was not sure where I would
put the code, but thanks anyway.


On Thu, May 1, 2008 at 5:33 AM, O hEigeartaigh, Colm
<[EMAIL PROTECTED]> wrote:
>
>  The WSS4JInInterceptor attaches the X509 certificate that was used for
>  signature to the message with:
>
>  WSSecurityEngineResult actionResult =
>     WSSecurityUtil.fetchActionResult(wsResult, WSConstants.SIGN);
>  msg.put(SIGNATURE_RESULT, actionResult);
>
>  You can access this downstream by doing something like:
>
>  WSSecurityEngineResult result =
>     (WSSecurityEngineResult) inmsg.get(WSS4JInInterceptor.SIGNATURE_RESULT);
>
>  X509Certificate certificate =
>     (X509Certificate)result
>             .get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
>
>  You can manipulate this X509Certificate object to get what you want I
>  think.
>
>  Colm.
>
>
>
>  -----Original Message-----
>  From: marcelo melo [mailto:[EMAIL PROTECTED]
>  Sent: 01 May 2008 01:40
>  To: [email protected]
>  Subject: Retrieve the user using WS-Security and Signature
>
>  Hi all,
>
>  I am developing a service using signatures only, with no user-password
>  authentication. However, when developing a Client, I am forced to set
>  a user in order to invoke the service. Is there a way of retrieving
>  the user on the server side (for auditing purposes)?
>  I tried to use a password callback handler, which successfully
>  retrieved me the user, but required me to correctly inform a password,
>  which I don't (at least won't if the key is not generated by me) know.
>  Also, if someone could give me an insight of how, if possible, to use
>  this user on my service class, I would be very grateful.
>
>  Thanks
>
>
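
Added example, not part of the original thread and not CXF's own code: one place to put the lookup discussed above is a separate in-interceptor that runs after WSS4JInInterceptor and records the signer's subject DN for auditing. The class name SignerAuditInterceptor and the exchange key "audit.signerDN" are hypothetical, and the imports assume WSS4J 1.x package names.

```java
import java.security.cert.X509Certificate;
import java.util.List;

import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
// Assumption: WSS4J 1.x packages; WSS4J 2.x moved these under org.apache.wss4j.dom
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.handler.WSHandlerResult;

// Hypothetical class name; register it as an in-interceptor on the endpoint.
public class SignerAuditInterceptor extends AbstractPhaseInterceptor<SoapMessage> {

    // Hypothetical exchange key under which the signer DN is published.
    public static final String SIGNER_DN = "audit.signerDN";

    public SignerAuditInterceptor() {
        // WSS4JInInterceptor runs in PRE_PROTOCOL, so its results exist by PRE_INVOKE.
        super(Phase.PRE_INVOKE);
    }

    @Override
    public void handleMessage(SoapMessage message) throws Fault {
        List<?> handlerResults =
            (List<?>) message.getContextualProperty(WSHandlerConstants.RECV_RESULTS);
        if (handlerResults != null) {
            for (Object hr : handlerResults) {
                for (Object r : ((WSHandlerResult) hr).getResults()) {
                    WSSecurityEngineResult res = (WSSecurityEngineResult) r;
                    Object action = res.get(WSSecurityEngineResult.TAG_ACTION);
                    Object cert = res.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
                    // Only a verified-signature result identifies the sender;
                    // other actions (e.g. encryption) can also carry a certificate.
                    if (Integer.valueOf(WSConstants.SIGN).equals(action)
                            && cert instanceof X509Certificate) {
                        String dn = ((X509Certificate) cert).getSubjectX500Principal().getName();
                        message.getExchange().put(SIGNER_DN, dn);
                        return;
                    }
                }
            }
        }
        // Fail closed: no signer means no identity to record for the audit trail.
        throw new Fault(new SecurityException("No verified signature certificate on request"));
    }
}
```

Reading the subject through the JDK's X509Certificate avoids a cast to the JVM-internal X500Name type, and the null check keeps an unsigned request from surfacing as a NullPointerException.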
