I am using latest Apache CXF to create a webservice. I have configured ws-security using org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor. In my passwordCallbackClass I can access the user or identifier by calling getIdentifier() method of org.apache.ws.security.WSPasswordCallback class.
I am also using spring for the whole setup.
I would like to know how to access the identifier any where else in the code? I could think of using ThreadLocal in my passwordCallbackClass? Another way is define to an identifier property in all my service method parameters but that would mean client need to pass the identifier twice, one in the security block and again in the service call?
Edit
My service class looks like this and I need to read the Identifier in sayHi method.
@WebService(endpointInterface = "com.webservice.HelloWorld")
public class HelloWorldImpl implements HelloWorld {
public String sayHi(String text) {
return "Hello " + text;
}
}
My Password callback method is th开发者_JAVA百科is where I can get the Identifier.
public void handle(Callback[] callbacks) throws IOException,UnsupportedCallbackExceptio {
WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
pc.getIdentifier();
}
I used ThreadLocal in my Password callback method to store the Identifier. I then access the ThreadLocal anywhere in the code to know the identifier.
Define "any where else in the code"? Are you talking about in other interceptors? In your server implementation? Are you using JAXWS or the simple frontend? Etc...
If using jaxws and you want it in your server impl, the JAXWS WebServiceContext has a getUserPrincipal() method that would just be a principal that WSS4J creates after you validate the user.
Pretty much anywhere else (or even in the server impl using the context), you can do something like:
message.get(SecurityContext.class).getUserPrincipal();
to achieve the same result.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论