You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cxf.apache.org by mj1932 <mj...@hotmail.com> on 2008/10/14 13:54:39 UTC

How to get UsernameToken password??

I'm struggling to get the password from the (WS-Security) UsernameToken
within my WebService class.  I assume I can get it from the
WebserviceContext some how and am able to Principal.getName() from the
WebServiceContext.  I'm using the WSS4J interceptor (with Spring ACEGI auth
providers) to do authentication and that works, so I know the password is
there somewhere.  Basically I need to pass along that WS-Security username &
password "downstream" within my webservice method.  I've attempted to loop
through the WSHandlerResults and doing sysout's see what's in there and
don't see the password.  It's gotta be in the WebServiceContext somewhere. 
Any help is appreciated.

Environment:
jetty-6.1.12
cxf 2.1.2
spring 2.5.5
-- 
View this message in context: http://www.nabble.com/How-to-get-UsernameToken-password---tp19971970p19971970.html
Sent from the cxf-user mailing list archive at Nabble.com.

Re: How to get UsernameToken password??

Posted by mj1932 <mj...@hotmail.com>.

Finally figured it out and, like I thought, it was something simple -- Cast
the Principal:

((WSUsernameTokenPrincipal)context.getUserPrincipal()).getPassword()


mj1932 wrote:
> 
> I'm struggling to get the password from the (WS-Security) UsernameToken
> within my WebService class.  I assume I can get it from the
> WebserviceContext some how and am able to Principal.getName() from the
> WebServiceContext.  I'm using the WSS4J interceptor (with Spring ACEGI
> auth providers) to do authentication and that works, so I know the
> password is there somewhere.  Basically I need to pass along that
> WS-Security username & password "downstream" within my webservice method. 
> I've attempted to loop through the WSHandlerResults and doing sysout's see
> what's in there and don't see the password.  It's gotta be in the
> WebServiceContext somewhere.  Any help is appreciated.
> 
> Environment:
> jetty-6.1.12
> cxf 2.1.2
> spring 2.5.5
> 

-- 
View this message in context: http://www.nabble.com/How-to-get-UsernameToken-password---tp19971970p19972798.html
Sent from the cxf-user mailing list archive at Nabble.com.

Re: How to get UsernameToken password??

Posted by mj1932 <mj...@hotmail.com>.

FYI, here's my spring config.  Not sure that will help in a solution, but
provides background ...
<bean id="ldapAuthProvider"
class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider">
	  	<constructor-arg>
			<bean
class="org.acegisecurity.providers.ldap.authenticator.BindAuthenticator">
		   		<constructor-arg><ref
local="initialDirContextFactory"/></constructor-arg>
		   		<property name="userSearch" ref="userSearch"/>
			</bean>
	  	</constructor-arg>
    </bean>
	
	<bean id="acegiAuthMgr"
class="org.acegisecurity.providers.ProviderManager">
		<property name="providers">
			<list><ref bean="ldapAuthProvider"/></list>
		</property>
	</bean>
		
	<bean id="acegiAuthCallback"
class="org.springframework.ws.soap.security.wss4j.callback.acegi.AcegiPlainTextPasswordValidationCallbackHandler">
		<property name="authenticationManager" ref="acegiAuthMgr"/>
	</bean>
	
	<bean id="wss4jInConfiguration"
class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"
scope="prototype">
		<constructor-arg>
	        <map>
	           <entry key="action" value="UsernameToken"/>
	           <entry key="passwordType" value="PasswordText"/>
	           <entry key="passwordCallbackRef">
	              <ref bean="acegiAuthCallback"/>	             
	           </entry>
	        </map>
         </constructor-arg>
	</bean>
		
	<bean id="aegisBean"
class="org.apache.cxf.aegis.databinding.AegisDatabinding"
scope="prototype"/>
	<bean id="jaxws-and-aegis-service-factory"
class="org.apache.cxf.jaxws.support.JaxWsServiceFactoryBean"
		  scope="prototype"> 
		<property name="dataBinding" ref="aegisBean"/>

		<property name="serviceConfigurations">
			<list>
			  <bean class="org.apache.cxf.jaxws.support.JaxWsServiceConfiguration"/>
			  <bean
class="org.apache.cxf.aegis.databinding.XFireCompatibilityServiceConfiguration"/>
			  <bean
class="org.apache.cxf.service.factory.DefaultServiceConfiguration"/> 
		   </list>
	   </property>
	</bean>

<jaxws:endpoint id="myServiceWS" implementor="#myService"
address="/MyService">
		<jaxws:serviceFactory>
   			<ref bean='jaxws-and-aegis-service-factory' />
  		</jaxws:serviceFactory>
  		<jaxws:inInterceptors>
	      	<bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor"/>
	      	<ref bean="wss4jInConfiguration"/>
   		</jaxws:inInterceptors>
	</jaxws:endpoint>


mj1932 wrote:
> 
> I'm struggling to get the password from the (WS-Security) UsernameToken
> within my WebService class.  I assume I can get it from the
> WebserviceContext some how and am able to Principal.getName() from the
> WebServiceContext.  I'm using the WSS4J interceptor (with Spring ACEGI
> auth providers) to do authentication and that works, so I know the
> password is there somewhere.  Basically I need to pass along that
> WS-Security username & password "downstream" within my webservice method. 
> I've attempted to loop through the WSHandlerResults and doing sysout's see
> what's in there and don't see the password.  It's gotta be in the
> WebServiceContext somewhere.  Any help is appreciated.
> 
> Environment:
> jetty-6.1.12
> cxf 2.1.2
> spring 2.5.5
> 

-- 
View this message in context: http://www.nabble.com/How-to-get-UsernameToken-password---tp19971970p19972120.html
Sent from the cxf-user mailing list archive at Nabble.com.