On Fri February 20 2009 1:21:42 pm Slava Imeshev wrote:
> Daniel,
>
> I am pretty new to CXF. I'd very grateful if you could you point me
> in the right direction. Any examples/tutorials?
It's pretty simple acutally. In your Impl bean, add a field:
@Resource
private WebServiceContext context;
That will get the context injected.
Then in your method, do:
context.getUserPrincipal()
or
context.isUserInRole("blah");
As long as the user has authenticated (basic auth), then those methods should
return the information that the app server returns from the
HttpServletRequest.
Dan
>
> Regards,
>
> Slava Imeshev
>
> > -----Original Message-----
> > From: Daniel Kulp [mailto:[email protected]]
> > Sent: Friday, February 20, 2009 7:58 AM
> > To: [email protected]
> > Cc: Slava Imeshev
> > Subject: Re: Authentication and authorization
> >
> >
> > The JAX-WS spec kind of covers this.
> >
> > If you inject WebServiceContext, from the context, you can
> > get the user
> > principal and call the isUserInRole call which would call
> > back into the tomcat
> > auth modules. From that, you can act on it any way you please.
> >
> > Dan
> >
> > On Thu February 19 2009 5:58:12 pm Slava Imeshev wrote:
> > > Hi all,
> > >
> > > I have an interesting use case that I am not sure how to approach.
> > >
> > > Consider a service MyService on Tomcat, pseudocode:
> > >
> > > MyService {
> > > Set<Entry> getEntries();
> > > }
> > >
> > > For that service, if the requester did not authenticate, the
> > > getEntries would return a limited list of entries, only
> >
> > those allowed
> >
> > > for "public" access. If the requestor did authenticate, the
>
> service
>
> > > returns an extended set. How can this be done with CXF?
> > >
> > > Regards,
> > >
> > > Slava Imeshev
> >
> > --
> > Daniel Kulp
> > [email protected]
> > http://www.dankulp.com/blog
--
Daniel Kulp
[email protected]
http://www.dankulp.com/blog
