Accessing User Principal in a Web Service
WS-Security provides a standard way to secure Web Services. Since based
on SOAP it is agnostic of the stack you are using. When using JAX-RPC
implementation, you are running in a J2EE container. In this post I am
giving a tip to access the Principal object.
I have a service service, and I need to access some user information in
its implementation class ( org.tug.ws.sample.SimpleServiceImpl
). This service is secure with WS-Security, with for example simple
authentication, the following screenshot, is the configuration of
inbound security in OracleAS 10gR3:
So the service is secured, here the code that you have to add in your service implementation (or handlers) to access the Principal object.
- Implement javax.xml.rpc.server.ServiceLifecycle
- Implement the init(Object context) method to access
the ServletEndpointContext,
that you can for example put as a local member of your implementation
class.
public void init(Object context) {
_servleContext = (ServletEndpointContext)context;
}
-
Then you can access the principal object using the getUserPrincipal() method:
...
if (_servleContext.getUserPrincipal() != null ) {
Principal userPrincipal = _servleContext.getUserPrincipal();
...
}
...
Update on Wednesday october 4th: Frank Nimphius, has use this entry to create a more detail article about End to End Security with Web Services Security.
No comments:
Post a Comment