Inside WSSecurityInterceptor (which extends AbstractSoapInterceptor) I'm explicitly creating a HashMap with the properties to create a WSS4JInterceptor. That interceptor and my SAAJInINterceptor are added to the chain in my handleMessage routine. There are userful operations on the WSS4JInterceptor, but at this point in code the callback doesn't appear to have been called yet. So calling the operations on the interceptor return null. I tried calling doIntercept off the interceptorChain but I get the same results.
To be honest, I'm a bit unclear on how the phases work and the interactions of the classes at this point. So it's very possible I'm doing something wrong. I think I need the message context inside the CallbackHandler's handle routine. I just don't know how to get ahold of it or if that's even the correct approach. W On Wed, Jun 4, 2008 at 3:40 PM, Boxiong Ding <[EMAIL PROTECTED]> wrote: > Did you try extending WSS4JInInterceptor instead? It has a method called > handleMessage() which takes a SoapMessage. I think you can do some > manipulation there. > Boxiong > > > ----- Original Message ---- > From: Wes <[EMAIL PROTECTED]> > To: [email protected] > Sent: Wednesday, June 4, 2008 12:20:37 PM > Subject: WSS4J, CXF, & Custom Attributes to a Service > > Hello, > I hope you guys (and gals) can help. I've been fighting this for days. > > I have a CXF service that implements Username Token profile security via > the > WSS4J api. Everything works as expected. I'm using SoapUI to test the > service. I can set an explicit username and password. Pass that data > through a class (WSSecurityInterceptor) that extends > AbstractSoapInterceptor > where I can place a CallBack class that implements CallbackHandler and > validate the username/password I sent in from SOAPUI. > > In my callback class, I will be integrating the authentication to an Access > Manager API provided by our portal implementation. I can do this also > without a problem. The problem comes in when.... once I authenticate the > user I have access to all the data from our backend ldap that I will need > in > my service. I've been trying to figure out a way to decorate the incoming > SOAP request with this specific data and, once inside my service, retrieve > the data without double-tapping ldap. > > I've tried adding SOAP Headers, but there isn't a context inside the handle > method of the CallbackHandler. There has got to be a way to do this that > I'm > just flat out missing. What is the correct way to decorate the SOAP request > with additional data (provided during the actual authentication routine) > inside the implemented CallbackHandler class? > > Any hints would be greatly appreciated. > Wes > > > >
