On May 13, 2008, at 1:01 PM, Ben Berner wrote:
Hello cxf-users,
I need to check whether the client invoking a web service is
authorized to
do so. The database has targetNamespace of the service paired with
the
username/key. So, need to find the targetNamespace of the
WebService at
runtime in ServerPasswordCallback Class that implements
CallbackHandler
(using ws-security). Is this possible via some api or I need to
inject
something into this callback class?
Regards,
Ben
Hmmmmm........ interesting problem. I'm not sure what the best way
to do it is. It could also depend on how you are configuring the ws-
sec stuff. If you are configuring the ws-sec/handler stuff on the
bus, you really cannot store any state in it as that instance will be
shared by all services. You COULD configure it on a per-service
basis and just inject the target namespace of that service into the
handler as a constructor arg or property or something. That's quite
a bit more configuration though.
If you want to keep it configured on a per-bus basis, I would add an
interceptor in front of the ws-sec in interceptor that grabs the
Service object from the Exchange, grabs the namespace in there and
stores it in a public ThreadLocal or something that the Handler would
have access to.
---
Daniel Kulp
[EMAIL PROTECTED]
http://www.dankulp.com/blog
