On Thu June 4 2009 4:46:25 am Gabo Manuel wrote:
> Hi All,
>
> Problem #1 :
>
> I am implementing a service with both WS and RS annotations. I encounter
> the following problem:
>
> @Resource
> private Exchange exchange;
>
> @GET
> @Path("/")
> @WebMethod
> @WebResult(name="object")
> public Object getObject(long id) {
> System.out.println("exchange: " + exchange);
> }
>
> If I try to access it via SOAP, the exchange object IS null; but if I
> try to access the method via ReST, the exchange object is NOT null. As a
> follow-up question, would the exchange object be different for each
> transaction, i.e. thread-safe?
The main reason is that JAX-RS, by default, creates a new instance per request
and thus is injected per request. JAX-WS, on the other hand, creates a
single instance and injects everything up front (and no Exchange is live at
that point). You CAN configure in a new factory that WOULD create a new
instance per request, but even then I'm not sure if the exchange would get
injected. I doubt it. Performance would suffer though.
And no, access to the Exchange in that instance would not be thread safe, but
with a new instance per request, it doesn't matter.
> Problem #2 :
> How do I access the context from an interceptor? Given the following:
> public class SoapInHandler extends AbstractPhaseInterceptor<SoapMessage>{
> private static Logger logger = Logger.getLogger(SoapInHandler.class);
> public SoapInHandler() {
> // not sure which phase to use.
> // super(Phase.UNMARSHAL);
> // super(Phase.PRE_INVOKE);
> // super(Phase.READ);
> super(Phase.POST_PROTOCOL);
> }
>
> @Override
> public void handleMessage(SoapMessage message) throws Fault {
> // i need to get the UserPrincipal here...
> // i need to get the UserPrincipal here...
> try {
> SoapHeader security = (SoapHeader)message.getHeader(new
> QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-s
>ecext-1.0.xsd","Security")); //this always returns empty
> logger.info("actor: " + security.getActor());
> } catch(Exception e){
> logger.warn("unable to retrieve actor.." + e.getMessage(), e);
> }
> }
> }
Hmmm... that should have worked I would think. Maybe the wss4j removes the
header if it's processed? Not really sure.
That said, if you run after the Wss4jInInterceptor, you can do one of:
Principal p = (Prinicpal)message.get(Wss4jInInterceptor.PRINCIPAL_RESULT)
or
SecurityContext c = message.get(SecurityContext.class);
Principal p = c.getUserPrincipal();
Dan
> I tried retrieving the wsse:Security header, but I am not able to
> retrieve the username token or any of it's child nodes.
>
> Any suggestions?
>
> Again, thanks in advance.
>
> Gabo
--
Daniel Kulp
[email protected]
http://www.dankulp.com/blog
