Skip to main content

J2EE Security

3 replies [Last post]
Joined: 2005-07-02

Does the WSIT stack set up the J2EE security context? For example, can I call getCallerPrincipal(), getUserPrincipal() or something similar in a web service provider to determine the identity of the caller?

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Joined: 2003-12-10

Before i can answer your question i need to ask you the following question.

1. Are you trying to set USERNAME_PROPERTY and PASSWORD_PROPERTY on ?.

2. Are you using Message Level Security with WSIT ?

If your answer is "2" then i would have to say invoking getCallerPrincipal() will not provide you the Caller Principal that was inferred from the UsernameToken and/or Certificate used to secure the message . This kind of integration with the J2EE container is scheduled to happen in near future.

However you can do the following with wsit today. context = ....//obtain this within the Endpoint Impl

Subject callerSubject = com.sun.xml.wss.SubjectAccessor.getRequesterSubject(context);

And then you can access the principals from the subject.


Joined: 2003-06-19

I haven't tried it out myself, but the JAX-WS interfaces should give you what you need. See for a starter.

Joined: 2003-06-19