Josef,
Thanks
--Steve
Stephen Langella
Co-Director
Software Research Institute
Center for IT Innovations in Healthcare
Ohio State University
Senior Researcher
Department of Biomedical Informatics
Ohio State University
Office: (614) 293-9534
Lab: (614) 292-8420
[email protected]
> From: Josef Bajada <[email protected]>
> Reply-To: <[email protected]>
> Date: Wed, 19 Aug 2009 17:05:36 +0200
> To: <[email protected]>
> Subject: RE: Determining Caller's Identity
>
> Just put the annotation @Resource before the field and by
> resource-injection it should be populated automatically by the
> container.
>
> Josef
>
>
>
> -----Original Message-----
> From: Stephen Langella [mailto:[email protected]]
> Sent: 19 August 2009 15:48
> To: [email protected]
> Subject: Re: Determining Caller's Identity
>
> Josef,
>
> Thanks for the information, how do I get a handle the the
> WebServiceContext inside my service implementation?
>
> --Steve
>
> Stephen Langella
> Co-Director
> Software Research Institute
> Center for IT Innovations in Healthcare
> Ohio State University
>
> Senior Researcher
> Department of Biomedical Informatics
> Ohio State University
>
> Office: (614) 293-9534
> Lab: (614) 292-8420
> [email protected]
>
>
>> From: Josef Bajada <[email protected]>
>> Reply-To: <[email protected]>
>> Date: Wed, 19 Aug 2009 15:03:05 +0200
>> To: <[email protected]>
>> Subject: RE: Determining Caller's Identity
>>
>> If you use the servlet container's authentication and transport
> security
>> methods (through WEB-INF/web.xml) to force authentication (such as
> HTTP
>> BASIC Auth over HTTPS), you can simply put the following line in your
>> service implementation class.
>>
>>
>> /**
>> * The web-service context will be automatically injected by the
>> JAX-WS Container.
>> */
>> @Resource
>> private WebServiceContext context;
>>
>>
>> //in your methods where you need to check the caller:
>> if (context.getUserPrincipal() != null)
>> {
>> log.info(getUserPrincipal().getName() + ":: just called our
>> methods");
>> }
>>
>> Regards,
>> Josef
>>
>>
>>
>> -----Original Message-----
>> From: Eamonn Dwyer [mailto:[email protected]]
>> Sent: 19 August 2009 12:57
>> To: [email protected]
>> Subject: RE: Determining Caller's Identity
>>
>>
>> Hi Stephen
>> Not quite what you want but maybe you could do something like this
>> inside an interceptor rather than inside your service.
>>
>> TLSSessionInfo tlsSessionInfo = message.put(TLSSessionInfo.class);
>> Certificate[] peerCerts = tlsSessionInfo.getPeerCertificates();
>> ... check the peer certificates and authorize based on this
>>
>> Regards
>> Eamonn
>>
>>> From: [email protected]
>>> To: [email protected]
>>> Subject: Determining Caller's Identity
>>> Date: Tue, 18 Aug 2009 14:37:12 -0400
>>>
>>> I have written and Apache CXF Web Service (WSDL First), inside the
>>> service I want to enforce authorization based on the identity of the
>>> client that called the service. I wanted to know if there was an API
>>
>>> call I can make from the service implementation to obtain the client
>>> identity. For example if the client authenticate over HTTPS with a
>>> client certificate.
>>>
>>> --Steve
>>>
>>> Stephen Langella
>>> Co-Founder
>>> Inventrio, LLC
>>> www.inventrio.com
>>>
>>> [email protected]
>>>
>>>
>>>
>>>
>>>
>>>
>>
>> _________________________________________________________________
>> See all the ways you can stay connected to friends and family
>> http://www.microsoft.com/windows/windowslive/default.aspx
>
>
