J2EE Security

3 replies [Last post]
superpat7
Joined: 2005-07-02

Does the WSIT stack set up the J2EE security context? For example, can I call getCallerPrincipal(), getUserPrincipal() or something similar in a web service provider to determine the identity of the caller?

kumarjayanti
Joined: 2003-12-10

Before I can answer your question I need to ask you the following questions.

1. Are you trying to set USERNAME_PROPERTY and PASSWORD_PROPERTY on javax.xml.ws.BindingProvider?

2. Are you using Message Level Security with WSIT?

If your answer is "2" then I would have to say invoking getCallerPrincipal() will not provide you the Caller Principal that was inferred from the UsernameToken and/or Certificate used to secure the message. This kind of integration with the J2EE container is scheduled to happen in the near future.

However, you can do the following with WSIT today.

javax.xml.ws.WebServiceContext context = ...; // obtain this within the Endpoint Impl

Subject callerSubject = com.sun.xml.wss.SubjectAccessor.getRequesterSubject(context);

And then you can access the principals from the subject.

Thanks.
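
The approach from the reply above, written out as a full endpoint. This is an added example, not code from the original post or from the WSIT project. The class name WhoAmIService is hypothetical, the WSIT/Metro libraries are assumed to be on the classpath, and it is an assumption that a certificate identity shows up as an X500Principal; it fails closed when message-level security has not produced an authenticated subject.

```java
import java.security.Principal;
import java.util.Set;
import javax.annotation.Resource;
import javax.jws.WebMethod;
import javax.jws.WebService;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;
import javax.xml.ws.WebServiceContext;
import com.sun.xml.wss.SubjectAccessor;
import com.sun.xml.wss.XWSSecurityException;

@WebService
public class WhoAmIService { // hypothetical endpoint name

    @Resource
    private WebServiceContext context; // injected by the JAX-WS runtime

    @WebMethod
    public String whoAmI() {
        Subject caller;
        try {
            // Subject built by WSIT from the UsernameToken and/or certificate
            caller = SubjectAccessor.getRequesterSubject(context);
        } catch (XWSSecurityException e) {
            throw new SecurityException("cannot read requester subject", e);
        }
        // Fail closed: no subject or no principals means nobody was authenticated
        if (caller == null || caller.getPrincipals().isEmpty()) {
            throw new SecurityException("unauthenticated request");
        }
        // Assumption: a certificate identity appears as an X500Principal
        Set<X500Principal> certIds = caller.getPrincipals(X500Principal.class);
        if (!certIds.isEmpty()) {
            return "certificate: " + certIds.iterator().next().getName();
        }
        // Otherwise report every principal with its type, so the caller of this
        // diagnostic method can see what the security configuration populated
        StringBuilder sb = new StringBuilder("principals:");
        for (Principal p : caller.getPrincipals()) {
            sb.append(' ').append(p.getClass().getSimpleName())
              .append('=').append(p.getName());
        }
        return sb.toString();
    }
}
```

Because getCallerPrincipal() does not reflect this subject, any authorization decision based on the message-level identity has to be made in endpoint code like this rather than through container-declared roles.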

ritzmann
Joined: 2003-06-19

I haven't tried it out myself, but the JAX-WS interfaces should give you what you need. See for a starter.
