I do this by writing my own UsernameTokenValidator. In my
verifyPlaintextPassword(), after I verify things, I just set the
details into a ThreadLocal variable; then everything else has access
to the user/password or whatever you want.

After subclassing UsernameTokenValidator all I did was register it
with the cxf:bus, i.e. in Spring:
<cxf:bus>
    <cxf:properties>
        <entry key="ws-security.ut.validator" value="MyUsernameTokenValidator" />
    </cxf:properties>
...

On 8/22/12, Glen Mazza <[email protected]> wrote:
> There's another CXF user currently working towards using a custom
> validator to get the password
> (http://cxf.547215.n5.nabble.com/Urgent-Blank-password-received-on-server-side-password-callback-tp5712743p5712749.html)
> -- you may need to do that to disable the UsernameTokenValidator.
>
> CXF has a "context.get(Header.HEADER_LIST)" --
> http://cxf.apache.org/faq.html#FAQ-HowcanIaddsoapheaderstotherequest%2Fresponse%3F
>
> -- to be able to obtain SOAP headers from within your SEI methods, but it
> does not appear to be commonly used (googling it doesn't turn up much);
> reading/manipulating SOAP headers via interceptors
> (http://www.jroller.com/gmazza/entry/jaxwshandlers_to_cxfinterceptors),
> JAX-WS Handlers or the JAX-WS Provider interface is probably more common.
>
> HTH,
> Glen
>
> On 08/21/2012 03:11 PM, Rudy Meyer wrote:
>> Hello,
>>
>> I am using CXF 2.6.1.  I have a case where I need the username/password
>> passed in the security header for further processing in my service endpoint
>> and I am not sure how to accomplish this.  I have this annotation on my
>> service:
>> @org.apache.cxf.interceptor.InInterceptors(interceptors = {"com.base.WSSecurityInterceptor"})
>>
>> In that interceptor.handleMessage() I have this code:
>>
>> Map<String, Object> inProps = new HashMap<String, Object>();
>> inProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
>> inProps.put(WSHandlerConstants.PW_CALLBACK_REF, new PasswordHandler());
>>
>> WSS4JInInterceptor wss4jInHandler = new WSS4JInInterceptor(inProps);
>> ValidateUserTokenInterceptor userTokenInterceptor =
>>     new ValidateUserTokenInterceptor(Phase.POST_PROTOCOL);
>>
>> message.getInterceptorChain().add(wss4jInHandler);
>> message.getInterceptorChain().add(new SAAJInInterceptor());
>> message.getInterceptorChain().add(userTokenInterceptor);
>>
>> I do not want the PasswordHandler() to set a password and I do not want the
>> built-in UsernameTokenValidator to validate the password.  I have read
>> Colm's blog
>> http://coheigea.blogspot.com/2011/06/custom-token-validation-in-apache-cxf.html
>> Custom token validation in Apache CXF 2.4  but I don't understand where
>> these settings go and how to implement this.  What I need is access to the
>> username and password passed in the message within my serviceimpl method.
>>
>> I could use help to get through this learning curve.
>>
>> Thank you.
>>
>>
>>
>> --
>> View this message in context:
>> http://cxf.547215.n5.nabble.com/How-to-obtain-the-Username-Token-username-and-password-in-the-endpoint-tp5712917.html
>> Sent from the cxf-user mailing list archive at Nabble.com.
>
>


-- 
Ted.
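
A sketch of the validator-plus-ThreadLocal approach described in the reply above, as an added example that is not code from the thread or from CXF. It assumes the WSS4J 1.6 API shipped with CXF 2.6.x and that the validator and the service method run on the same thread; the RequestCredentials holder and the in-memory user store are hypothetical, and the sample user is constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Collections;
import java.util.Map;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.message.token.UsernameToken;
import org.apache.ws.security.validate.UsernameTokenValidator;

public class MyUsernameTokenValidator extends UsernameTokenValidator {

    /** Hypothetical per-request holder (not a CXF or WSS4J class). */
    public static final class RequestCredentials {
        private static final ThreadLocal<String[]> CURRENT = new ThreadLocal<String[]>();
        static void set(String user, String password) {
            CURRENT.set(new String[] {user, password});
        }
        public static String username() {
            String[] c = CURRENT.get();
            return c == null ? null : c[0];
        }
        public static String password() {
            String[] c = CURRENT.get();
            return c == null ? null : c[1];
        }
        /** Must run when the request ends: worker threads are pooled and reused. */
        public static void clear() { CURRENT.remove(); }
    }

    // Constructed sample user store; a real service would query its own directory.
    private static final Map<String, String> USERS =
            Collections.singletonMap("alice", "constructed-sample-password");

    // Called by the parent validate() for tokens carrying a plaintext password.
    @Override
    protected void verifyPlaintextPassword(UsernameToken usernameToken, RequestData data)
            throws WSSecurityException {
        RequestCredentials.clear(); // never inherit a previous request's values
        String user = usernameToken.getName();
        String password = usernameToken.getPassword();
        String expected = (user == null) ? null : USERS.get(user);
        if (expected == null || password == null
                || !MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                          password.getBytes(StandardCharsets.UTF_8))) {
            throw new WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION);
        }
        RequestCredentials.set(user, password); // publish only after a successful check
    }
}
```

The service method reads RequestCredentials.username() and RequestCredentials.password(), and should call RequestCredentials.clear() in a finally block so the plaintext password does not stay attached to a pooled worker thread after the request completes.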
