Hello, I hope you guys (and gals) can help. I've been fighting this for days.
I have a CXF service that implements Username Token profile security via the WSS4J api. Everything works as expected. I'm using SoapUI to test the service. I can set an explicit username and password. Pass that data through a class (WSSecurityInterceptor) that extends AbstractSoapInterceptor where I can place a CallBack class that implements CallbackHandler and validate the username/password I sent in from SOAPUI. In my callback class, I will be integrating the authentication to an Access Manager API provided by our portal implementation. I can do this also without a problem. The problem comes in when.... once I authenticate the user I have access to all the data from our backend ldap that I will need in my service. I've been trying to figure out a way to decorate the incoming SOAP request with this specific data and, once inside my service, retrieve the data without double-tapping ldap. I've tried adding SOAP Headers, but there isn't a context inside the handle method of the CallbackHandler. There has got to be a way to do this that I'm just flat out missing. What is the correct way to decorate the SOAP request with additional data (provided during the actual authentication routine) inside the implemented CallbackHandler class? Any hints would be greatly appreciated. Wes
