WS-Security provides a standard way to secure Web Services. Since based on SOAP it is agnostic of the stack you are using. When using JAX-RPC implementation, you are running in a J2EE container. In this post I am giving a tip to access the Principal object.
I have a service service, and I need to access some user information in its implementation class (
org.tug.ws.sample.SimpleServiceImpl ). This service is secure with WS-Security, with for example simple authentication, the following screenshot, is the configuration of inbound security in OracleAS 10gR3:
So the service is secured, here the code that you have to add in your service implementation (or handlers) to access the Principal object.
- Implement the init(Object context) method to access
ServletEndpointContext, that you can for example put as a local member of your implementation class.
1 2 3
- Then you can access the principal object using the
1 2 3 4 5 6
You can find more information about the Security in J2EE 1.4 Web Services in the Designing Web Services with the J2EE 1.4 Platform tutorial.
Update on Wednesday october 4th: Frank Nimphius, has use this entry to create a more detail article about End to End Security with Web Services Security.