spring ws security - authentication from request header?

I'm looking for a way to secure a web service whereby the user id is to be got from the request headers.

The ssl handshake is taken care of so I'm not 开发者_StackOverflowsure if I need to use a subclass of org.springframework.ws.soap.security.AbstractWsSecurityInterceptor

Once the user id is got from the request then I'd like to use the standard spring security to authenticate the user as I am already doing this for spring mvc projects.

Thanks

---

I have used XwsSecurityInterceptor (one of the implementations of AbstractWsSecurityInterceptor) succesfully for a few projects. I'm not sure if the way of passing the userId is already defined or that you can propose using xws-security instead.

If the way of passing the id is already defined, creating a new implementation of AbstractWsSecurityInterceptor shouldn't be too much trouble. Take a look at the handleRequest method where you can access the soap request and check for the header.

You can simply wire up the new security interceptor in the endpoint mapping to debug it.