WebServiceContext Principal

[Davide Gesino <wi...@libero.it>]

According to the javadoc of WebServiceContext class,


getUserPrincipal() Returns the Principal that identifies the sender of the
request currently being serviced. If the sender has not been authenticated,
the method returns null.

how is supposed to be filled this Principal?
When?
By whom?
-- 
View this message in context: http://www.nabble.com/WebServiceContext-Principal-tp15708867p15708867.html
Sent from the cxf-user mailing list archive at Nabble.com.

Re: WebServiceContext Principal

[Daniel Kulp <dk...@apache.org>]

On Wednesday 27 February 2008, Davide Gesino wrote:
> According to the javadoc of WebServiceContext class,
>
>
> getUserPrincipal() Returns the Principal that identifies the sender of
> the request currently being serviced. If the sender has not been
> authenticated, the method returns null.
>
> how is supposed to be filled this Principal?
> When?
> By whom?

Well, that's kind of application specific.   When running inside a 
servlet engine and using the CXFServlet, the CXFServlet provides an 
implementation that makes the getUserPrincipal() call back onto the same 
method of the current HttpServletRequest.   Thus, it's filled in by 
tomcat from the information tomcat knows about.  (like tomcat-users.xml 
in the tomcat conf directory along with information in the web.xml)

HOWEVER, if you have some sort of custom CXF interceptor, you can create 
your own org.apache.cxf.security.SecurityContext object that does 
whatever custom thing you need and set that in the message and then the 
calls to the WebServiceContext getUserPrincipal stuff will go through 
that. 

Ideally, the ws-security stuff would also set a new SecurityContext or 
similar with the information it has.   I'm not sure if it has a 
principal or role information right now or not.  

-- 
J. Daniel Kulp
Principal Engineer, IONA
dkulp@apache.org
http://www.dankulp.com/blog