Dan, I looked at the javadocs, but can't seem to find any association of Service Endpoint with the Exchange Object. Also is there a particular interceptor I need to implement for this? Regards, Ben
On Tue, May 13, 2008 at 2:28 PM, Ben Berner <[EMAIL PROTECTED]> wrote: > I thought about injecting the namespace into the the handlers.. but that's > a lot of work for me as I am in the process of migrating my services from > XFire to CXF. Now, the second scenario makes me think instead of using > another interceptor on top of Handler, why not just use the the simple > interceptor that does the validation... > > > On Tue, May 13, 2008 at 2:04 PM, Daniel Kulp <[EMAIL PROTECTED]> wrote: > > > > > On May 13, 2008, at 1:01 PM, Ben Berner wrote: > > > > Hello cxf-users, > > > I need to check whether the client invoking a web service is > > > authorized to > > > do so. The database has targetNamespace of the service paired with > > > the > > > username/key. So, need to find the targetNamespace of the WebService > > > at > > > runtime in ServerPasswordCallback Class that implements > > > CallbackHandler > > > (using ws-security). Is this possible via some api or I need to > > > inject > > > something into this callback class? > > > Regards, > > > Ben > > > > > > > Hmmmmm........ interesting problem. I'm not sure what the best way to > > do it is. It could also depend on how you are configuring the ws-sec > > stuff. If you are configuring the ws-sec/handler stuff on the bus, you > > really cannot store any state in it as that instance will be shared by all > > services. You COULD configure it on a per-service basis and just inject > > the target namespace of that service into the handler as a constructor arg > > or property or something. That's quite a bit more configuration though. > > > > If you want to keep it configured on a per-bus basis, I would add an > > interceptor in front of the ws-sec in interceptor that grabs the Service > > object from the Exchange, grabs the namespace in there and stores it in a > > public ThreadLocal or something that the Handler would have access to. > > > > > > --- > > Daniel Kulp > > [EMAIL PROTECTED] > > http://www.dankulp.com/blog > > > > > > > > > > >
