Hi Andrei, i've setup a security constraint and associated role in the web.xml and that works for browser based requests. the problem i'm having is authenticating the ws client requests.
as a matter of fact your approach is exactly what i want to do: obtain the current user via the getUserPrincipal() method. but i cant get the request authenticated. i don't know how to get the webserivce request to pass the credentials to the app server. i've tried the interceptors described here https://cxf.apache.org/docs/ws-security.html i tried the interceptors on the client side only. then i added an interceptor on the server side and wrote a custom callback handler which did get invoked but the server then threw an 'unauthorized error' ... what i'm trying to achieve is to utilize the authentication mechanisms already in place on the tomcat server. a way to pass the credentials to the server the way a web browser does. since most webservices will be hosted on some kind of servlet container i thought the approach i'm trying to take would be kind of common. or i'm completely missing something here :-( thanks again, michael -- View this message in context: http://cxf.547215.n5.nabble.com/utilizing-tomcat-authentication-for-webservices-tp5742376p5742385.html Sent from the cxf-user mailing list archive at Nabble.com.
