WS-Security provides a standard way to secure Web Services. Since based on SOAP it is agnostic of the stack you are using. When using JAX-RPC implementation, you are running in a J2EE container. In this post I am giving a tip to access the Principal object.
I have a service service, and I need to access some user information in its implementation class ( org.tug.ws.sample.SimpleServiceImpl ). This service is secure with WS-Security, with for example simple authentication, the following screenshot, is the configuration of inbound security in OracleAS 10gR3:
So the service is secured, here the code that you have to add in your service implementation (or handlers) to access the Principal object.
- Implement
javax.xml.rpc.server.ServiceLifecycle - Implement the init(Object context) method to access
the
ServletEndpointContext, that you can for example put as a local member of your implementation class.
public void init(Object context) {
_servleContext = (ServletEndpointContext)context;
}
- Then you can access the principal object using the
getUserPrincipal()method:
...
if (_servleContext.getUserPrincipal() != null ) {
Principal userPrincipal = _servleContext.getUserPrincipal();
...
}
...
You can find more information about the Security in J2EE 1.4 Web Services in the Designing Web Services with the J2EE 1.4 Platform tutorial.
Update on Wednesday october 4th: Frank Nimphius, has use this entry to create a more detail article about End to End Security with Web Services Security.