Josef,
I tried what you suggested but context.getUserPrincipal() returned null.
Keep in mind I am using X.509 client certificates to authenticate with the
server; I am trying to get the subject DN from the client's certificate as
opposed to a basic authentication user id. Is this supported or am I doing
something wrong? In Googling around I found a JIRA issue related to this
and it is not clear whether or not what I am trying to do is supported:
https://issues.apache.org/jira/browse/CXF-1680
I would appreciate it if someone would comment, thanks in advance.
--Steve
Stephen Langella
Co-Director
Software Research Institute
Center for IT Innovations in Healthcare
Ohio State University
Senior Researcher
Department of Biomedical Informatics
Ohio State University
Office: (614) 293-9534
Lab: (614) 292-8420
[email protected]
> From: Josef Bajada <[email protected]>
> Reply-To: <[email protected]>
> Date: Wed, 19 Aug 2009 15:03:05 +0200
> To: <[email protected]>
> Subject: RE: Determining Caller's Identity
>
> If you use the servlet container's authentication and transport security
> methods (through WEB-INF/web.xml) to force authentication (such as HTTP
> BASIC Auth over HTTPS), you can simply put the following line in your
> service implementation class.
>
>
> /**
>  * The web-service context will be automatically injected by the
>  * JAX-WS Container.
>  */
> @Resource
> private WebServiceContext context;
>
>
> // in your methods where you need to check the caller:
> if (context.getUserPrincipal() != null)
> {
>     log.info(context.getUserPrincipal().getName() + ":: just called our methods");
> }
>
> Regards,
> Josef
>
>
>
> -----Original Message-----
> From: Eamonn Dwyer [mailto:[email protected]]
> Sent: 19 August 2009 12:57
> To: [email protected]
> Subject: RE: Determining Caller's Identity
>
>
> Hi Stephen
> Not quite what you want but maybe you could do something like this
> inside an interceptor rather than inside your service.
>
> TLSSessionInfo tlsSessionInfo = message.get(TLSSessionInfo.class);
> Certificate[] peerCerts = tlsSessionInfo.getPeerCertificates();
> // ... check the peer certificates and authorize based on this
>
> Regards
> Eamonn
>
>> From: [email protected]
>> To: [email protected]
>> Subject: Determining Caller's Identity
>> Date: Tue, 18 Aug 2009 14:37:12 -0400
>>
>> I have written an Apache CXF Web Service (WSDL First), inside the
>> service I want to enforce authorization based on the identity of the
>> client that called the service. I wanted to know if there was an API
>> call I can make from the service implementation to obtain the client
>> identity. For example if the client authenticates over HTTPS with a
>> client certificate.
>>
>> --Steve
>>
>> Stephen Langella
>> Co-Founder
>> Inventrio, LLC
>> www.inventrio.com
>>
>> [email protected]
>>
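The interceptor approach Eamonn suggests in the quoted reply, written out as an added example; it is not part of the original thread and not CXF project code. The class name, exchange key and allow-listed DN are hypothetical, and it assumes CXF populates TLSSessionInfo for the HTTPS transport in use and that the server requires and validates client certificates against its trust store.

```java
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Set;
import javax.security.auth.x500.X500Principal;

import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.security.transport.TLSSessionInfo;

/** Hypothetical interceptor: authorizes callers by client-certificate subject DN. */
public class ClientCertDnInterceptor extends AbstractPhaseInterceptor<Message> {

    /** Hypothetical exchange key under which the service can read the caller's DN. */
    public static final String CALLER_DN = "example.caller.dn";

    // Constructed sample allow-list; replace with the deployment's real subjects.
    private static final Set<X500Principal> ALLOWED = Set.of(
            new X500Principal("CN=Example Client,O=Example Org,C=US"));

    public ClientCertDnInterceptor() {
        super(Phase.PRE_INVOKE); // run before the service method is invoked
    }

    @Override
    public void handleMessage(Message message) throws Fault {
        TLSSessionInfo tls = message.get(TLSSessionInfo.class);
        Certificate[] chain = (tls == null) ? null : tls.getPeerCertificates();
        // Fail closed: no TLS session or no client certificate means no identity.
        if (chain == null || chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
            throw new Fault(new SecurityException("client certificate required"));
        }
        // chain[0] is the caller's own certificate; the rest are its issuers.
        X500Principal subject = ((X509Certificate) chain[0]).getSubjectX500Principal();
        // X500Principal.equals() compares canonical DNs, so differences in case
        // or spacing of the string form do not change the outcome of the check.
        if (!ALLOWED.contains(subject)) {
            throw new Fault(new SecurityException("caller not authorized"));
        }
        // Expose the RFC 2253 subject DN to the service implementation.
        message.getExchange().put(CALLER_DN, subject.getName());
    }
}
```

The subject DN is only as trustworthy as the chain validation done by the TLS layer, so the check is meaningful only when the endpoint is configured to require client authentication.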