Hi On Wed, Mar 9, 2011 at 1:33 PM, Jerome Revillard <[email protected]>wrote:
> Dear all, > > Is there an equivalent to WebServiceContext in order to get the container > Principal/Subject/Credential from a web service? > > WebServiceContext implementation uses org.apache.cxf.security.SecurityContext internally. So if you prefer you may want to register a custom CXF in interceptor and get the internal SecurityContext from the current message: SecurityContext sc = message.get(SecurityContext.class) sc.getUserPrincipal() sc.isUserInRole In CXF 2.3.3 we have introduced LoginSecurityContext which extends SecurityContext. One can use it to get the actual Subject and the list of roles but only if it was CXF that initiated the external authentication process, possibly via JAAS. Please see: http://cxf.apache.org/docs/security.html#Security-Authentication Cheers, Sergey > Best, > Jerome > >
