On May 14, 2008, at 3:58 PM, sudip shrestha wrote:
This approach with ThreadLocal var storing thread specifc service
QName
worked. Made sure my interceptor got invoked during the READ phase
which is
before the PRE_PROTOCOL phase. Now I can make sure the client is
invoking
only the service it is authorized to invoke... but this is
something, making
extra calls adding overheads, IMO, I should not have to do,
something the
WS-* spec should provide.
Well, IDEALLY to me, the WSS4J stuff would fill in the appropriate
principal object on the context (which could then fill in the
approriate stuff in Acegi/Spring Security if using Acegi) and then you
could use the annotations on the service itself to be able to control
some of that. IMO. :-)
Dan
On Tue, May 13, 2008 at 3:12 PM, Daniel Kulp <[EMAIL PROTECTED]> wrote:
On May 13, 2008, at 4:01 PM, Ben Berner wrote:
Dan, I looked at the javadocs, but can't seem to find any
association of
Service Endpoint with the Exchange Object.
Just call:
Service service = exchange.get(Service.class);
There's a bunch of things stored on the exchange like that. The
Bus is
there, the Endpoint, the Binding, depending on the phase, the
OperationInfo
would be there, etc...
Also is there a particular
interceptor I need to implement for this?
Easiest to just subclass the AbstractPhaseInterceptor. Not sure on
the
phase. The WSS4JInInterceptor runs in the PRE_PROTOCOL phase, so
after
that most likely.
Dan
Regards,
Ben
On Tue, May 13, 2008 at 2:28 PM, Ben Berner <[EMAIL PROTECTED]
>
wrote:
I thought about injecting the namespace into the the handlers.. but
that's
a lot of work for me as I am in the process of migrating my
services from
XFire to CXF. Now, the second scenario makes me think instead of
using
another interceptor on top of Handler, why not just use the the
simple
interceptor that does the validation...
On Tue, May 13, 2008 at 2:04 PM, Daniel Kulp <[EMAIL PROTECTED]>
wrote:
On May 13, 2008, at 1:01 PM, Ben Berner wrote:
Hello cxf-users,
I need to check whether the client invoking a web service is
authorized to
do so. The database has targetNamespace of the service paired
with
the
username/key. So, need to find the targetNamespace of the
WebService
at
runtime in ServerPasswordCallback Class that implements
CallbackHandler
(using ws-security). Is this possible via some api or I need to
inject
something into this callback class?
Regards,
Ben
Hmmmmm........ interesting problem. I'm not sure what the
best way to
do it is. It could also depend on how you are configuring the
ws-sec
stuff. If you are configuring the ws-sec/handler stuff on the
bus, you
really cannot store any state in it as that instance will be
shared by
all
services. You COULD configure it on a per-service basis and just
inject
the target namespace of that service into the handler as a
constructor
arg
or property or something. That's quite a bit more configuration
though.
If you want to keep it configured on a per-bus basis, I would
add an
interceptor in front of the ws-sec in interceptor that grabs the
Service
object from the Exchange, grabs the namespace in there and
stores it in
a
public ThreadLocal or something that the Handler would have
access to.
---
Daniel Kulp
[EMAIL PROTECTED]
http://www.dankulp.com/blog
---
Daniel Kulp
[EMAIL PROTECTED]
http://www.dankulp.com/blog
---
Daniel Kulp
[EMAIL PROTECTED]
http://www.dankulp.com/blog
