You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by kkan <ki...@hotmail.com> on 2007/09/08 06:46:40 UTC
Getting User ID from WS-Security Username Token
I have been trying to get the userID of WS-Security UsernameToken from my
WebService implementation class. Could anyone point me in the right
direction? Thanks in advance.
The details are:
I have tried getting the AuthorizationPolicy as decribed here, but got a
null AuthorizationPolicy:
http://www.nabble.com/Request-context---t4378778.html
I have tried getting the latest 2.0.2 that has a fix on Tomcat (I am
deploying the CXFServlet under JBoss):
https://issues.apache.org/jira/browse/CXF-961
webServiceContext.getUserPrincipal() returns null.
I did a dump of all the entries available to my MessageContext:
MessageContext ctx = (MessageContext) context.getMessageContext();
Set<String> keySet = ctx.keySet();
Iterator<String> i = keySet.iterator();
while (i.hasNext())
{
System.out.println("key = " + (String)i.next());
}
And I got the following objects in my
23:55:06,816 INFO [STDOUT] key = RECV_RESULTS
23:55:06,816 INFO [STDOUT] key = javax.xml.ws.wsdl.operation
23:55:06,816 INFO [STDOUT] key = javax.xml.ws.binding.attachments.inbound
23:55:06,816 INFO [STDOUT] key = HTTP.RESPONSE
23:55:06,816 INFO [STDOUT] key = javax.xml.ws.http.request.pathinfo
23:55:06,816 INFO [STDOUT] key = org.apache.cxf.transport.Destination
23:55:06,816 INFO [STDOUT] key = org.apache.cxf.message.Message.ENCODING
23:55:06,816 INFO [STDOUT] key = org.apache.cxf.security.SecurityContext
23:55:06,816 INFO [STDOUT] key = Content-Type
23:55:06,816 INFO [STDOUT] key = org.apache.cxf.service.model.MessageInfo
23:55:06,816 INFO [STDOUT] key = org.apache.cxf.message.Message.PATH_INFO
23:55:06,816 INFO [STDOUT] key = javax.xml.ws.wsdl.service
23:55:06,816 INFO [STDOUT] key = HTTP.REQUEST
23:55:06,816 INFO [STDOUT] key = javax.xml.ws.servlet.request
23:55:06,816 INFO [STDOUT] key = javax.xml.ws.wsdl.interface
23:55:06,816 INFO [STDOUT] key = javax.xml.ws.wsdl.port
23:55:06,816 INFO [STDOUT] key = javax.xml.ws.http.request.headers
23:55:06,816 INFO [STDOUT] key = javax.xml.ws.servlet.response
23:55:06,816 INFO [STDOUT] key = javax.xml.ws.wsdl.description
23:55:06,816 INFO [STDOUT] key = javax.xml.ws.servlet.context
23:55:06,826 INFO [STDOUT] key =
org.apache.cxf.message.Message.HTTP_REQUEST_METHOD
23:55:06,826 INFO [STDOUT] key = HTTP.CONTEXT
23:55:06,826 INFO [STDOUT] key = org.apache.cxf.message.Message.BASE_PATH
23:55:06,826 INFO [STDOUT] key =
org.apache.cxf.message.Message.QUERY_STRING
23:55:06,826 INFO [STDOUT] key = org.apache.cxf.headers.Header.list
23:55:06,826 INFO [STDOUT] key = javax.xml.ws.binding.attachments.outbound
23:55:06,826 INFO [STDOUT] key =
org.apache.cxf.jaxws.context.WrappedMessageContext.SCOPES
23:55:06,826 INFO [STDOUT] key = javax.xml.ws.http.request.method
23:55:06,826 INFO [STDOUT] key =
org.apache.cxf.message.Message.PROTOCOL_HEADERS
I set up my Callback as such:
<jaxws:inInterceptors>
<bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor"/>
<bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
<constructor-arg>
<map>
<entry key="action" value="UsernameToken"/>
<entry key="passwordType" value="PasswordText"/>
<entry key="passwordCallbackClass"
value="com.haha.cxf.servlet.PWCallback"/>
</map>
</constructor-arg>
</bean>
</jaxws:inInterceptors>
--
View this message in context: http://www.nabble.com/Getting-User-ID-from-WS-Security-Username-Token-tf4404923.html#a12566781
Sent from the cxf-user mailing list archive at Nabble.com.
Re: Getting User ID from WS-Security Username Token
Posted by kkan <ki...@hotmail.com>.
Fred - that works. Thanks!
For those who are interested, the code looks like the following. Note that
you'll need to do some null checking before using this in production:
MessageContext ctx = (MessageContext) context.getMessageContext();
List recv = (List)ctx.get("RECV_RESULTS");
WSHandlerResult wsResult = (WSHandlerResult)recv.get(0);
WSSecurityEngineResult wsseResult =
(WSSecurityEngineResult)wsResult.getResults().get(0);
String login = wsseResult.getPrincipal().getName();
System.out.println("login = " + login);
Fred Dushin-3 wrote:
>
> The RECV_RESULTS entry in the message context is what you need to
> peel apart.
>
> You'll find it is a java.util.List of results, passed back from the
> WSS4J toolkit. You'll need to dig into the WSS4J interfaces, to
> discern the results list structure (you should be able to treat each
> entry as a java.util.Map, but we have not upgraded CXF to post WSS4J
> 1.5.1, where that polymorphism was added.
>
> -Fred
>
--
View this message in context: http://www.nabble.com/Getting-User-ID-from-WS-Security-Username-Token-tf4404923.html#a12622318
Sent from the cxf-user mailing list archive at Nabble.com.
Re: Getting User ID from WS-Security Username Token
Posted by Fred Dushin <fr...@dushin.net>.
The RECV_RESULTS entry in the message context is what you need to
peel apart.
You'll find it is a java.util.List of results, passed back from the
WSS4J toolkit. You'll need to dig into the WSS4J interfaces, to
discern the results list structure (you should be able to treat each
entry as a java.util.Map, but we have not upgraded CXF to post WSS4J
1.5.1, where that polymorphism was added.
-Fred
On Sep 8, 2007, at 12:46 AM, kkan wrote:
>
> I have been trying to get the userID of WS-Security UsernameToken
> from my
> WebService implementation class. Could anyone point me in the right
> direction? Thanks in advance.
>
> The details are:
>
> I have tried getting the AuthorizationPolicy as decribed here, but
> got a
> null AuthorizationPolicy:
>
> http://www.nabble.com/Request-context---t4378778.html
>
> I have tried getting the latest 2.0.2 that has a fix on Tomcat (I am
> deploying the CXFServlet under JBoss):
>
> https://issues.apache.org/jira/browse/CXF-961
>
> webServiceContext.getUserPrincipal() returns null.
>
> I did a dump of all the entries available to my MessageContext:
>
> MessageContext ctx = (MessageContext) context.getMessageContext();
> Set<String> keySet = ctx.keySet();
> Iterator<String> i = keySet.iterator();
> while (i.hasNext())
> {
> System.out.println("key = " + (String)i.next());
> }
>
> And I got the following objects in my
>
> 23:55:06,816 INFO [STDOUT] key = RECV_RESULTS
> 23:55:06,816 INFO [STDOUT] key = javax.xml.ws.wsdl.operation
> 23:55:06,816 INFO [STDOUT] key =
> javax.xml.ws.binding.attachments.inbound
> 23:55:06,816 INFO [STDOUT] key = HTTP.RESPONSE
> 23:55:06,816 INFO [STDOUT] key = javax.xml.ws.http.request.pathinfo
> 23:55:06,816 INFO [STDOUT] key = org.apache.cxf.transport.Destination
> 23:55:06,816 INFO [STDOUT] key =
> org.apache.cxf.message.Message.ENCODING
> 23:55:06,816 INFO [STDOUT] key =
> org.apache.cxf.security.SecurityContext
> 23:55:06,816 INFO [STDOUT] key = Content-Type
> 23:55:06,816 INFO [STDOUT] key =
> org.apache.cxf.service.model.MessageInfo
> 23:55:06,816 INFO [STDOUT] key =
> org.apache.cxf.message.Message.PATH_INFO
> 23:55:06,816 INFO [STDOUT] key = javax.xml.ws.wsdl.service
> 23:55:06,816 INFO [STDOUT] key = HTTP.REQUEST
> 23:55:06,816 INFO [STDOUT] key = javax.xml.ws.servlet.request
> 23:55:06,816 INFO [STDOUT] key = javax.xml.ws.wsdl.interface
> 23:55:06,816 INFO [STDOUT] key = javax.xml.ws.wsdl.port
> 23:55:06,816 INFO [STDOUT] key = javax.xml.ws.http.request.headers
> 23:55:06,816 INFO [STDOUT] key = javax.xml.ws.servlet.response
> 23:55:06,816 INFO [STDOUT] key = javax.xml.ws.wsdl.description
> 23:55:06,816 INFO [STDOUT] key = javax.xml.ws.servlet.context
> 23:55:06,826 INFO [STDOUT] key =
> org.apache.cxf.message.Message.HTTP_REQUEST_METHOD
> 23:55:06,826 INFO [STDOUT] key = HTTP.CONTEXT
> 23:55:06,826 INFO [STDOUT] key =
> org.apache.cxf.message.Message.BASE_PATH
> 23:55:06,826 INFO [STDOUT] key =
> org.apache.cxf.message.Message.QUERY_STRING
> 23:55:06,826 INFO [STDOUT] key = org.apache.cxf.headers.Header.list
> 23:55:06,826 INFO [STDOUT] key =
> javax.xml.ws.binding.attachments.outbound
> 23:55:06,826 INFO [STDOUT] key =
> org.apache.cxf.jaxws.context.WrappedMessageContext.SCOPES
> 23:55:06,826 INFO [STDOUT] key = javax.xml.ws.http.request.method
> 23:55:06,826 INFO [STDOUT] key =
> org.apache.cxf.message.Message.PROTOCOL_HEADERS
>
> I set up my Callback as such:
>
> <jaxws:inInterceptors>
> <bean
> class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor"/>
> <bean
> class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
> <constructor-arg>
> <map>
> <entry key="action" value="UsernameToken"/>
> <entry key="passwordType" value="PasswordText"/>
> <entry key="passwordCallbackClass"
> value="com.haha.cxf.servlet.PWCallback"/>
> </map>
> </constructor-arg>
> </bean>
> </jaxws:inInterceptors>
> --
> View this message in context: http://www.nabble.com/Getting-User-ID-
> from-WS-Security-Username-Token-tf4404923.html#a12566781
> Sent from the cxf-user mailing list archive at Nabble.com.
>
>