Hi, I have a problem for which the answer escapes me. I am using CXF to deploy a webservice in an embedded Jetty webserver (extending the CXFNonSpringServlet). I am also performing username/password authentication (implementing the CallbackHandler). The problem is that when invoking the web service implementation, I need that username to see if the user is authorised to perform the task.
Any ideas on how to achieve this? I would think that the way to handle this problem is to use the session of the request, but in the CallbackHandler (here I have the username) there is no way to retrieve the request. The same for the web service. Once you are in the implementation bean of the webservice, there is no way to reach the request, or the session associated with the request. The alternative is to implement operations/methods that always sent the username/password and let the web service do the authentication/authorisation all by itself, but I prefer not using this solution... any help would be appreciated ! kind regards Guy
