I am not too familiar with ThreadLocal object. Could you post your sample code on how to use it in the context of the interceptor and the CallbackHandler? Regards, Ben
On Wed, May 14, 2008 at 2:58 PM, sudip shrestha <[EMAIL PROTECTED]> wrote: > This approach with ThreadLocal var storing thread specifc service QName > worked. Made sure my interceptor got invoked during the READ phase which > is > before the PRE_PROTOCOL phase. Now I can make sure the client is invoking > only the service it is authorized to invoke... but this is something, > making > extra calls adding overheads, IMO, I should not have to do, something the > WS-* spec should provide. > > > On Tue, May 13, 2008 at 3:12 PM, Daniel Kulp <[EMAIL PROTECTED]> wrote: > > > > > On May 13, 2008, at 4:01 PM, Ben Berner wrote: > > > > Dan, I looked at the javadocs, but can't seem to find any association of > >> Service Endpoint with the Exchange Object. > >> > > > > Just call: > > > > Service service = exchange.get(Service.class); > > > > There's a bunch of things stored on the exchange like that. The Bus is > > there, the Endpoint, the Binding, depending on the phase, the > OperationInfo > > would be there, etc... > > > > Also is there a particular > >> interceptor I need to implement for this? > >> > > > > Easiest to just subclass the AbstractPhaseInterceptor. Not sure on the > > phase. The WSS4JInInterceptor runs in the PRE_PROTOCOL phase, so after > > that most likely. > > > > Dan > > > > > > > > > > > >> Regards, > >> Ben > >> > >> On Tue, May 13, 2008 at 2:28 PM, Ben Berner <[EMAIL PROTECTED]> > >> wrote: > >> > >> I thought about injecting the namespace into the the handlers.. but > >>> that's > >>> a lot of work for me as I am in the process of migrating my services > from > >>> XFire to CXF. Now, the second scenario makes me think instead of using > >>> another interceptor on top of Handler, why not just use the the simple > >>> interceptor that does the validation... > >>> > >>> > >>> On Tue, May 13, 2008 at 2:04 PM, Daniel Kulp <[EMAIL PROTECTED]> wrote: > >>> > >>> > >>>> On May 13, 2008, at 1:01 PM, Ben Berner wrote: > >>>> > >>>> Hello cxf-users, > >>>> > >>>>> I need to check whether the client invoking a web service is > >>>>> authorized to > >>>>> do so. The database has targetNamespace of the service paired with > >>>>> the > >>>>> username/key. So, need to find the targetNamespace of the WebService > >>>>> at > >>>>> runtime in ServerPasswordCallback Class that implements > >>>>> CallbackHandler > >>>>> (using ws-security). Is this possible via some api or I need to > >>>>> inject > >>>>> something into this callback class? > >>>>> Regards, > >>>>> Ben > >>>>> > >>>>> > >>>> Hmmmmm........ interesting problem. I'm not sure what the best way > to > >>>> do it is. It could also depend on how you are configuring the > ws-sec > >>>> stuff. If you are configuring the ws-sec/handler stuff on the bus, > you > >>>> really cannot store any state in it as that instance will be shared by > >>>> all > >>>> services. You COULD configure it on a per-service basis and just > >>>> inject > >>>> the target namespace of that service into the handler as a constructor > >>>> arg > >>>> or property or something. That's quite a bit more configuration > >>>> though. > >>>> > >>>> If you want to keep it configured on a per-bus basis, I would add an > >>>> interceptor in front of the ws-sec in interceptor that grabs the > Service > >>>> object from the Exchange, grabs the namespace in there and stores it > in > >>>> a > >>>> public ThreadLocal or something that the Handler would have access to. > >>>> > >>>> > >>>> --- > >>>> Daniel Kulp > >>>> [EMAIL PROTECTED] > >>>> http://www.dankulp.com/blog > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> > >>> > > --- > > Daniel Kulp > > [EMAIL PROTECTED] > > http://www.dankulp.com/blog > > > > > > > > > > >
