Sorry, my advice was a bit misleading then. The reason I mentioned the approach with extending the interceptor was that it allows one to do create the security context which is role-aware early and possibly propagate it further to EJB/etc - this is how things are done in JBossCXF. But this is an overkill if all one wants is to get a principal :-).
cheers, Sergey On Fri, Jul 23, 2010 at 4:20 PM, Daniel Kulp <[email protected]> wrote: > On Friday 23 July 2010 4:39:05 am Antoine Roux wrote: > > Hi, > > I have a web service authenticating with WS-Security. On the server side, > I > > set up the WSS4j interceptor and I have a password call back that checks > > the the username/password against my database. The service being called > > subsequently if authentication succeeds needs to know the identity of the > > user. > > What is th right to pass it to the service? Is it to store it in the > > session? Or is there a better way? > > It's actually already stored in the session. If you have the > WebServiceContext injected, you can call the getPrincipal method on it > which > will likely be the Principal provided by wss4j in your case. > > Dan > > > > > > > -- > > Antoine Roux, > > NetVitesse S.A.R.L > > [email protected] > > Phone: +33 (0)1 61 37 04 24 > > Mobile: +33 (0)6 20 69 07 96 > > Fax: +33 (0)1 70 24 87 88 > > -- > Daniel Kulp > [email protected] > http://dankulp.com/blog >
