Does the WSIT stack set up the J2EE security context? For example, can I call getCallerPrincipal(), getUserPrincipal() or something similar in a web service provider to determine the identity of the caller?
Before i can answer your question i need to ask you the following question.
1. Are you trying to set USERNAME_PROPERTY and PASSWORD_PROPERTY on
2. Are you using Message Level Security with WSIT ?
If your answer is "2" then i would have to say invoking getCallerPrincipal() will not provide you the Caller Principal that was inferred from the UsernameToken and/or Certificate used to secure the message . This kind of integration with the J2EE container is scheduled to happen in near future.
However you can do the following with wsit today.
javax.xml.ws.WebServiceContext context = ....//obtain this within the Endpoint Impl
Subject callerSubject = com.sun.xml.wss.SubjectAccessor.getRequesterSubject(context);
And then you can access the principals from the subject.
I haven't tried it out myself, but the JAX-WS interfaces should give you what you need. See for a starter.
Here is the correct URL:
Your use of this web site or any of its content or software indicates your agreement to be bound by these Terms of Participation.
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.