Hi,

Not 100% sure that I understood your use case correctly.
If you have the authenticated user in your service implementation from the
SecurityContext, you can simply set a property in the client call context and
read this property in your client Token interceptor:


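// Keep the request context per thread, so that a proxy shared by several
// request threads does not mix up users.
((BindingProvider) proxy).getRequestContext().put("thread.local.request.context", "true");
// getName() returns the username as a String; getPrincipal() returns an Object.
String myUser = securityContext.getAuthentication().getName();
((BindingProvider) proxy).getRequestContext().put("authenticatedUser", myUser);


...
public class TokenInterceptor extends AbstractPhaseInterceptor<Message>
{

  public void handleMessage(Message message)  {
      // getContextualProperty() returns Object, so cast to String.
      String username = (String) message.getContextualProperty("authenticatedUser");
     ...
  }
}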

Regards,
Andrei.

> -----Original Message-----
> From: Burkard Stephan [mailto:[email protected]]
> Sent: Friday, 3 August 2018 15:13
> To: [email protected]
> Subject: How to get username of authenticated user to create a token for a
> downstream call
>
> Hi
>
> I try to accomplish something I thought is quite a standard use case. I was
> probably wrong since I did not find a complete example for it.
>
> Goal: Build a secured CXF/SpringBoot webservice that calls other secured
> webservice(s).
> Setup: SpringBoot (1.5.x), CXF (3.1.x), WSS4J (2.1.x), Spring Security (4.2.x)
>
> **What I want to accomplish**
>
> - My CXF/SpringBoot webservice must authenticate requests against LDAP.
>   => I have a working Spring Security setup with AuthenticationManager,
> UserDetailsService etc.
>   => This setup depends on the Spring SecurityContext.
>
> - My CXF/SpringBoot webservice must accept WSS Username/Password
> (Plaintext).
>   => I use a combination of SAAJInInterceptor and WSS4JInInterceptor (no
> password callback!) to create a UsernameToken from the WSS header.
>   => I use a custom "ws-security.ut.validator" to create a Spring
> SecurityContext from the UsernameToken and authenticate the user against LDAP.
>
> - My CXF/SpringBoot webservice must call a downstream webservice that
> accepts a proprietary token type.
>   => This requires another CXF (client) endpoint configuration.
>   => I use a custom out-interceptor that extends AbstractTokenInterceptor to
> add the proprietary token to the request.
>   => However, currently the username is hardcoded because I don't know where
> to get it.
>
> Question: In my Spring SecurityContext I have the authenticated user. But how
> can I "hand over" the username to the TokenInterceptor?
>
> Question: Let's assume I do two downstream calls to finally create the
> response for the initial service request. Are these calls individual
> "contexts" from a CXF point of view or is there some kind of "management"
> around that holds all data of all the calls?
>
> Thanks
> Stephan
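
Added example, not part of the original messages and not CXF's own code: the hand-over from the reply, written so that the downstream call fails closed when no authenticated user is bound. DownstreamIdentity, bind(), addToken() and the choice of Phase.PRE_PROTOCOL are assumptions; the token format is left abstract because the thread does not give it.

```java
import javax.xml.ws.BindingProvider;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

/** Caller side (hypothetical helper): run on the request thread before each downstream call. */
final class DownstreamIdentity {
    static final String USER_KEY = "authenticatedUser"; // property name used in the reply

    static void bind(Object proxy) {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || !auth.isAuthenticated()
                || auth instanceof AnonymousAuthenticationToken) {
            throw new SecurityException("no authenticated user for downstream call");
        }
        BindingProvider bp = (BindingProvider) proxy;
        // Per-thread request context: a proxy shared between request threads
        // must not carry one caller's username into another caller's call.
        bp.getRequestContext().put("thread.local.request.context", "true");
        // Fetch the context again after setting the flag, as the reply does.
        bp.getRequestContext().put(USER_KEY, auth.getName());
    }
}

/** Client out-interceptor: reads the bound username and aborts the call without it. */
public abstract class TokenInterceptor extends AbstractPhaseInterceptor<Message> {
    protected TokenInterceptor() {
        super(Phase.PRE_PROTOCOL); // assumption: an outbound phase before the message is written
    }

    @Override
    public void handleMessage(Message message) throws Fault {
        Object user = message.getContextualProperty(DownstreamIdentity.USER_KEY);
        if (!(user instanceof String) || ((String) user).isEmpty()) {
            // Fail closed instead of falling back to a hardcoded or stale identity.
            throw new Fault(new SecurityException(USER_KEY + " missing from request context"));
        }
        addToken(message, (String) user);
    }

    /** Hypothetical hook: attach the proprietary token for this user to the message. */
    protected abstract void addToken(Message message, String username);
}
```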
