I thought about injecting the namespace into the the handlers.. but that's a lot of work for me as I am in the process of migrating my services from XFire to CXF. Now, the second scenario makes me think instead of using another interceptor on top of Handler, why not just use the the simple interceptor that does the validation...
On Tue, May 13, 2008 at 2:04 PM, Daniel Kulp <[EMAIL PROTECTED]> wrote: > > On May 13, 2008, at 1:01 PM, Ben Berner wrote: > > Hello cxf-users, > > I need to check whether the client invoking a web service is authorized > > to > > do so. The database has targetNamespace of the service paired with the > > username/key. So, need to find the targetNamespace of the WebService at > > runtime in ServerPasswordCallback Class that implements CallbackHandler > > (using ws-security). Is this possible via some api or I need to inject > > something into this callback class? > > Regards, > > Ben > > > > Hmmmmm........ interesting problem. I'm not sure what the best way to > do it is. It could also depend on how you are configuring the ws-sec > stuff. If you are configuring the ws-sec/handler stuff on the bus, you > really cannot store any state in it as that instance will be shared by all > services. You COULD configure it on a per-service basis and just inject > the target namespace of that service into the handler as a constructor arg > or property or something. That's quite a bit more configuration though. > > If you want to keep it configured on a per-bus basis, I would add an > interceptor in front of the ws-sec in interceptor that grabs the Service > object from the Exchange, grabs the namespace in there and stores it in a > public ThreadLocal or something that the Handler would have access to. > > > --- > Daniel Kulp > [EMAIL PROTECTED] > http://www.dankulp.com/blog > > > > >
