Note: this is probably not thread safe. Interceptors are "shared" by all
invokations on the endpoint. Thus, the interceptor needs to make sure it
doesn't maintain state (like the Principal object) in an instance variable
that might be wiped out by an invokation being processed on another thread.
To answer your other question...
Assuming JAX-WS on server side, in your service implementation, add:
@Resource
WebServiceContext context;
as an instance field. The runtime will inject a WebServiceContext instance
in there. After that, in your interceptor, do something like:
message.put("USER_NAME", principal.getName());
Then, in your impl, do:
String user = (String)context.getMessageContext().get("USER_NAME");
You might even be able to do what you need without any interceptor. The
WebServiceContext basically wrappers the message. Thus, you may be able to
just do:
context.getMessageContext().get(WSHandlerConstants.RECV_RESULTS)
in your service impl to get the Vector there.
Dan
marcelo melo-2 wrote:
>
> Actually I was able to retrive the certificate via an Interceptor, on
> the handleMessage of the Interceptorm here's what I did:
>
> Vector result = (Vector)
> message.getContextualProperty(WSHandlerConstants.RECV_RESULTS);
> for (int i = 0; i < result.size(); i++) {
> WSHandlerResult res = (WSHandlerResult) result.get(i);
> for (int j = 0; j < res.getResults().size(); j++) {
> WSSecurityEngineResult secRes = (WSSecurityEngineResult)
> res.getResults().get(j);
>
> X500Name principal = (X500Name) secRes.get("principal");
> if(principal != null) {
> this.setUser(principal.getName());
> break;
> }
> }
>
> This gives me the pricipal stored on the certificate, which is enough
> for me. I did not try you method 'cause I was not sure where I would
> put the code, but thanks anyway
>
>
> On Thu, May 1, 2008 at 5:33 AM, O hEigeartaigh, Colm
> <[EMAIL PROTECTED]> wrote:
>>
>> The WSS4JInInterceptor attaches the X509 certificate that was used for
>> signature to the message with:
>>
>> WSSecurityEngineResult actionResult =
>> WSSecurityUtil.fetchActionResult(wsResult, WSConstants.SIGN);
>> msg.put(SIGNATURE_RESULT, actionResult);
>>
>> You can access this downstream by doing something like:
>>
>> WSSecurityEngineResult result =
>> (WSSecurityEngineResult)
>> inmsg.get(WSS4JInInterceptor.SIGNATURE_RESULT);
>>
>> X509Certificate certificate =
>> (X509Certificate)result
>> .get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
>>
>> You can manipulate this X509Certificate object to get what you want I
>> think.
>>
>> Colm.
>>
>>
>>
>> -----Original Message-----
>> From: marcelo melo [mailto:[EMAIL PROTECTED]
>> Sent: 01 May 2008 01:40
>> To: [email protected]
>> Subject: Retrieve the user using WS-Security and Signature
>>
>> Hi all,
>>
>> I am developing a service using signatures only, with no user-password
>> authentication. However, when developing a Client, I am forced to set
>> a user in order to invoke the service. Is there a way of retrieving
>> the user on the server side (for auditing purposes)?
>> I tried to use a password callback handler, which succesfully
>> retrieved me the user, but required me to correctly inform a password,
>> which I don't (at least won't if the key is not generated by me) know.
>> Also, if someone could give me an insight of how, if possible, to use
>> this user on my service class, I would be very grateful.
>>
>> Thanks
>>
>> ----------------------------
>> IONA Technologies PLC (registered in Ireland)
>> Registered Number: 171387
>> Registered Address: The IONA Building, Shelbourne Road, Dublin 4,
>> Ireland
>>
>
>
--
View this message in context:
http://www.nabble.com/Retrieve-the-user-using-WS-Security-and-Signature-tp16994689p17030305.html
Sent from the cxf-user mailing list archive at Nabble.com.
