You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by Faz <ar...@gmail.com> on 2013/11/07 19:55:14 UTC
SecurityContext AND Principal Object
Hi All,
Have a few queries pertaining SecurityContext.
--When I include the ws-security policy in the WSDL file, then I get
WSS4JINinterceptors when I do a get on the Message Object.
-- When I dont have the ws-security in wsdl, then i have
AbstractHTTPDestination when i do a get on the Message Object.
1. Now, is the above outcome normal? I mean is it supposed to behave in the
similar fashion.
2 . In the case of my WSDL not having ws-security policy, I have the
message object with ,
*org.apache.cxf.security.SecurityContext=org.apache.cxf.transport.http.AbstractHTTPDestination$2@16f3ed7*
- When I do message.get(SecurityContext.class).getUserPrincipal(), its
always returning null in the above scenario.? Why is that?
- And I get a classcast exception, when i do the below.
* SecurityContext context = message.get(SecurityContext.class);
AbstractHTTPDestination ahd1 = (AbstractHTTPDestination)context; *
Even though the context holds AbstractHTTPDestination object in this
context, am unable to retrieve it? am I DOING ANY OBVIOUS MISTAKE?
thanks.
--
View this message in context: http://cxf.547215.n5.nabble.com/SecurityContext-AND-Principal-Object-tp5736103.html
Sent from the cxf-user mailing list archive at Nabble.com.
RE: SecurityContext AND Principal Object
Posted by Faz <ar...@gmail.com>.
Thnx Andrei,
I would like to know how else can we get the principal object from the
httpdestination code.
Like Colm mentioned,I would like to know about the transport code if client
authentication is used?
--
View this message in context: http://cxf.547215.n5.nabble.com/SecurityContext-AND-Principal-Object-tp5736103p5736208.html
Sent from the cxf-user mailing list archive at Nabble.com.
RE: SecurityContext AND Principal Object
Posted by Andrei Shakirin <as...@talend.com>.
Hi,
"org.apache.cxf.transport.http.AbstractHTTPDestination$2@16f3ed7*" is a reference on anonymous class created in AbstractHTTPDestination:
...
inMessage.put(SecurityContext.class, new SecurityContext() {
public Principal getUserPrincipal() {
return req.getUserPrincipal();
}
public boolean isUserInRole(String role) {
return req.isUserInRole(role);
}
});
...
You can work with this object using org.apache.cxf.security.SecurityContext interface.
Regards,
Andrei.
> -----Original Message-----
> From: Faz [mailto:arshadmohammed.techie@gmail.com]
> Sent: Freitag, 8. November 2013 16:54
> To: users@cxf.apache.org
> Subject: Re: SecurityContext AND Principal Object
>
> Thanks for the response Colm.
>
> Bit confused with the 1 piece of response, could you please shed some light
> on '*SecurityContext Object created in AbstractHTTPDestination. *' ?
> So is there any useful info that I can extract out of above object??? If so how
> can be access them?
>
> I was successful in retrieving the principal object when using WS-security in
> wsdl, but wasn't yet successful in retrieving it with- ws-security policy.. Could
> you please help me out with this stmt :'*the transport code if client
> authentication*'?
>
> Thanks again!
>
>
>
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/SecurityContext-AND-Principal-Object-
> tp5736103p5736153.html
> Sent from the cxf-user mailing list archive at Nabble.com.
Re: SecurityContext AND Principal Object
Posted by Faz <ar...@gmail.com>.
Thanks for the response Colm.
Bit confused with the 1 piece of response, could you please shed some light
on '*SecurityContext Object created in AbstractHTTPDestination. *' ?
So is there any useful info that I can extract out of above object??? If so
how can be access them?
I was successful in retrieving the principal object when using WS-security
in wsdl, but wasn't yet successful in retrieving it with- ws-security
policy.. Could you please help me out with this stmt :'*the transport code
if
client authentication*'?
Thanks again!
--
View this message in context: http://cxf.547215.n5.nabble.com/SecurityContext-AND-Principal-Object-tp5736103p5736153.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: SecurityContext AND Principal Object
Posted by Colm O hEigeartaigh <co...@apache.org>.
Your ClassCastException is because the Object referred to as "org.apache.
cxf.transport.http.AbstractHTTPDestination$2@16f3ed7*" is not an instance
of AbstractHTTPDestination, but a SecurityContext Object created in
AbstractHTTPDestination.
The SecurityContext object is created in a few different places depending
on where CXF can find a principal. So it could be in the transport code if
client authentication is used, or in the WSS4JInInterceptor if WS-Security
is used, etc.
Colm.
On Thu, Nov 7, 2013 at 6:55 PM, Faz <ar...@gmail.com> wrote:
> Hi All,
>
> Have a few queries pertaining SecurityContext.
>
> --When I include the ws-security policy in the WSDL file, then I get
> WSS4JINinterceptors when I do a get on the Message Object.
> -- When I dont have the ws-security in wsdl, then i have
> AbstractHTTPDestination when i do a get on the Message Object.
>
> 1. Now, is the above outcome normal? I mean is it supposed to behave in the
> similar fashion.
>
> 2 . In the case of my WSDL not having ws-security policy, I have the
> message object with ,
>
>
> *org.apache.cxf.security.SecurityContext=org.apache.cxf.transport.http.AbstractHTTPDestination$2@16f3ed7
> *
>
> - When I do message.get(SecurityContext.class).getUserPrincipal(), its
> always returning null in the above scenario.? Why is that?
>
> - And I get a classcast exception, when i do the below.
> * SecurityContext context = message.get(SecurityContext.class);
> AbstractHTTPDestination ahd1 = (AbstractHTTPDestination)context; *
> Even though the context holds AbstractHTTPDestination object in this
> context, am unable to retrieve it? am I DOING ANY OBVIOUS MISTAKE?
> thanks.
>
>
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/SecurityContext-AND-Principal-Object-tp5736103.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com