Skip to main content

[wsit] username/password auth., get back username

7 replies [Last post]
zais
Offline
Joined: 2008-03-27
Points: 0

Hi all.
I created a wsit and secured it with username/password authentification using netbeans. I configured keystores, truststores, password validator, password callback, ect... and all of this works. I can choose the the password at runtime on the client side and verify it inside my database on server side.
I also finded some documents explaining how to handle sessions at server side here http://weblogs.java.net/blog/bhaktimehta/archive/2006/08/ws_reliable_mes...
and I finded another, but quite cryptic document, here http://wiki.glassfish.java.net/attach/OnePagersOrFunctionalSpecs/wsit-on...
that allows me to get a HashTable for each client which is more useful and easy to use than what propose the first document.
And all of this works.

My problem is, in fact, so simple that I can not find another abjective than "stupid": how can I get the username used by the client to authentify inside one of the methods of my service?
We could expect the application server to simply save it in the session reserved for the client. Well, even if that's what is done I can not find any documentation that describe how to get it back.
Fine, then let's just save it manually when validating with the PasswordValidator. Unfortunatly it's just impossible, I have no access to the session inside that class.

So how could I get that damn username when I need it?

Thanks in advance, great fortune, long life, etc... to anyone that would answer this message.

PS:yeah, english is not my mother language, please forgive me

Message was edited by: zais

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
huima
Offline
Joined: 2006-05-05
Points: 0

Thanks! You really made my day with that example. I tried to get the principal in normal way from web service context, but it was always null.

Would it be possible to put that up somewhere in Metro FAQ, inside an example or somewhere where people would see it properly, since others will stumble on this bit again and again :-D

Would be great if it would be visible also in the Netbeans tutorials that are an easy startingpoint for learning and testing webservices on Metro and WSIT.

Glen Mazza

Hmmm. Just a guess, I haven't done this before, but just as you can "put"
the password and username properties as shown here[1], perhaps you can also
"get" them...

HTH,
Glen

[1] http://www.jroller.com/gmazza/date/20080322

metro wrote:
>
> Hi all.
> I created a wsit and secured it with username/password authentification
> using netbeans. I configured keystores, truststores, password validator,
> password callback, ect... and all of this [b]works[/b]. I can choose the
> the password at runtime on the client side and verify it inside my
> database on server side.
> I also finded some documents explaining how to handle sessions at server
> side here
> http://weblogs.java.net/blog/bhaktimehta/archive/2006/08/ws_reliable_mes...
> and I finded another, but quite cryptic document, here
> http://wiki.glassfish.java.net/attach/OnePagersOrFunctionalSpecs/wsit-on...
> that allows me to get a HashTable for each client with is
> more useful and easy to use than what propose the first document.
> And all of this [b]works[/b].
>
> My problem is, in fact, so simple that I can not find another abjective
> than "stupid": how can I get the username used by the client to authentify
> inside one of the methods of my service?
> We could expect the application server to simply save it in the session
> reserved for the client. Well, even if that's what is done I can not find
> any documentation that describe how to get it back.
> Fine, then let's just save it manually when validating with the
> PasswordValidator. Unfortunatly it's just impossible, I have no access to
> the session inside that class.
>
> So how could I get that damn username when I need it?
>
> Thanks in advance, great fortune, long life, etc... to anyone that would
> answer this message.
>
> PS:yeah, english is not my mother language
> [Message sent by forum member 'zais' (zais)]
>
> http://forums.java.net/jive/thread.jspa?messageID=266145
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@metro.dev.java.net
> For additional commands, e-mail: users-help@metro.dev.java.net
>
>
>

--
View this message in context: http://www.nabble.com/-wsit--username-password-auth.%2C-get-back-usernam...
Sent from the Metro - Users mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@metro.dev.java.net
For additional commands, e-mail: users-help@metro.dev.java.net

kumarjayanti
Offline
Joined: 2003-12-10
Points: 0

IMHO some of the postings are crossing the lines.

We appreciate constructive feedback and criticism on Metro but i don't think it is ethical to POST CXF related blogs or ask people to try out something on CXF.

Thanks.

kumarjayanti
Offline
Joined: 2003-12-10
Points: 0

Glen,

I think i did not read your blog properly. You probably always talk about Metro and CXF together most of the times and i missed that point. So please ignore my previous comment.

Thanks.

Message was edited by: kumarjayanti

Glen Mazza

That's OK. I get flamed on the CXF-User's list too: ;-)
http://www.nabble.com/Re%3A-Looking-for-example-code-p16063655.html

Glen

metro wrote:
>
> Glen,
>
> I think did not read your blog properly. You probably always talk about
> Metro and CXF most of the times and i missed that point. So please ignore
> my previous comment.
>
> Thanks.
> [Message sent by forum member 'kumarjayanti' (kumarjayanti)]
>
> http://forums.java.net/jive/thread.jspa?messageID=266369
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@metro.dev.java.net
> For additional commands, e-mail: users-help@metro.dev.java.net
>
>
>

--
View this message in context: http://www.nabble.com/-wsit--username-password-auth.%2C-get-back-usernam...
Sent from the Metro - Users mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@metro.dev.java.net
For additional commands, e-mail: users-help@metro.dev.java.net

kumarjayanti
Offline
Joined: 2003-12-10
Points: 0

in your webservice do the following

//inject WebServiceContext
@Resource
private WebServiceContext context;

//in the webservice method do the following

Subject clientSubject = null;
try {
clientSubject = com.sun.xml.wss.SubjectAccessor.getRequesterSubject(context);
} catch(Exception e) {
//handle exception
e.printStackTrace();
}

if (clientSubject != null) {
Set principals = clientSubject.getPrincipals();
for (Iterator it = principals.iterator(); it.hasNext();) {
System.out.println("Client Principals:" + it.next());
}
} else {
System.out.println("Client Principal not set");
}

zais
Offline
Joined: 2008-03-27
Points: 0

Wow, it works. Thanks to you.

But, if you allows me to ask, where did you finded that code?