Hi John
Agreed, it would be worth documenting on how to access the context infomation
when combining JAX-WS and JAX-RS. There're 2 variations but the advice would
be probably the same.
Case 1. JAX-WS invocation is mapped to methodA, while JAX-RS invocation is
mapped to methodB.
For ex :
void doJaxWs(String a);
void doJaxRs(String a);
Probably the main reason these two methods exist is that it's not possible to
reuse the same method (signature) between both JAX-WS and JAX-RS invocations.
In cases like this what was suggested on this thread (inexplicitly sometimes)
is to do something like this :
@Resource
public void setWebServiceContext(WebServiceContext webServiceContext) {
this.webServiceContext = webServiceContext;
}
void doJaxWs(String a) {
verify(getSecurityInfoFromJaxWsContext(webServiceContext));
....
}
@WebMethod(exclude = true)
void doJaxRs(String a, @Context SecurityContext sc) {
verify(getSecurityInfoFromJaxRsContext(sc));
}
Note if this latter method is invoked directly by JAX-RS runtime, the context
will be set as a parameter properly.
private void verify(SecurityInfo si) throws SecurityException {}
private static class SecurityInfo {
Principal getPrincipal() {...}
boolean isUserInRole() {...}
}
The same applies to all other types of context information.
Few notes about this method :
@WebMethod(exclude = true)
void doJaxRs(String a, @Context SecurityContext sc) {
verify(getSecurityInfoFromJaxRsContext(sc));
}
As I said earlier, quite soon it will be possible, for JAX-RS, to inject the
same context info either into fields or through setters :
@Context SecurityContext sc;
or
@Context
setSecurityContext(SecurityContext sc) {}
Note what is said above still applies, as these forms of injection in JAX-RS
are there simply to let developers not to put @Context annotated parameters
into the resource methods invoked by JAX-RS as they might come as part of the
existing interface, etc.
2. Sometimes, it can be possible to have the same method serve both JAX-WS and
JAX-RS invocations, without creating method pairs. In cases like these the
best way to extract some specific context info available in both JAX-WS and
JAX-RS contexts is again rely on the technique suggested above, where the
common info is extracted into a seperate utility class. The only difference
here is that the injection of JAX-RS contexts through parameters can not be
supported.
Hope it helps. And thanks for experimenting...
Cheers, Sergey
> Dan,
>
> Thanks. I appreciate you must be really tiring of this thread! This
> works correctly;
>
> private WebServiceContext webServiceContext;
>
> @Resource
> public void setWebServiceContext(WebServiceContext webServiceContext)
> { this.webServiceContext = webServiceContext; }
>
> I think it would be nice to put all of this into a Wiki page given there
> are two distinct mechanisms of getting the Principal when a bean is
> exposed as a WS and REST service.
>
>
> John Baker
> --
> Web SSO
> IT Infrastructure
> Deutsche Bank London
>
> URL: http://websso.cto.gt.intranet.db.com
>
----------------------------
IONA Technologies PLC (registered in Ireland)
Registered Number: 171387
Registered Address: The IONA Building, Shelbourne Road, Dublin 4, Ireland
