Just out of curiosity, if you're using a WSS4J interceptor, wouldn't it be easier to just call WebServiceContext.getUserPrincipal()? or is that some how unreliable?
On Fri, Feb 20, 2009 at 10:27:15AM -0800, derek.adams wrote: > > Which authentication method are you using? If you are using WS-Security via > the WSS4JInInterceptor, then you can set the authenticated user in your > password callback class. Generally, the easiest method is to set a thread > local variable (the method Spring security uses). If you are using HTTP > basic authentication, I am pretty sure you would be able to get the username > from the HTTP headers. > > > Slava Imeshev wrote: > > > > Hi Derek, > > > > Thank you. How will webservice implementation know who is calling? And > > how will it know that in one case user has not been authenticated? > > > > Regards, > > > > Slava Imeshev > > > > P.S. There is no Spring in picture > > > > > > -- > View this message in context: > http://www.nabble.com/Authentication-and-authorization-tp22111513p22125831.html > Sent from the cxf-user mailing list archive at Nabble.com. > -- Ted Leung [email protected] It's time for a new bike when the bulb in your shift light burns out.
