How do I read WSS Username Token after validation?

Hi guys,
by specifying a soapenv:header in the wsdd file of my web service, I have managed to validate user name and password passed by the client using a PWCallback class.

The problem now is that later on in the code, I need the username again, but all I have in the web service implementing classes is the request... which does not contain the header...
is there a way to get this info again or to tell wss4j to include it in the request? any suggestions?

Thanks

WSS doesn't address this, and there's no standard way to do it, either; you'll need to resort to approaches that are specific to the SOAP stack you're using.

For example, Axis2 has the org.apache.axis2.context.MessageContext that can be used to store and retrieve properties during a request/response phase. You'd get the currently active context object by calling MessageContext.getCurrentMessageContext. I'm sure other SOAP stacks have comparable facilities.

I am using axis1.4... don't think I have a MessageContext available, but will check... thanks!

As I found it rather hard to get this information I post here my findings... maybe will help somebody with similar problems

OK, little recap...

In my web service I have to implement WSS security so I modified the wsdd as follows:

The PWCallback class is rather standard and documented in wss4j tutorial so allow me to skip this...

Later on, after validation, in the RequestHandlerSoapBindingImpl class normally I just get the data as defined in the WSDL, while I also need the UsernameToken again...

to read the UsernameToken, as suggested by Ulf (Thanks Ulf!) I used the MessageContext provided by Axis1.4, as follows:

Iterator iter = MessageContext.getCurrentContext().getRequestMessage().getSOAPEnvelope().getHeaders().iterator();
    	SOAPHeaderElement head = null;
    	while (iter.hasNext()){
    		SOAPHeaderElement eleRead = (SOAPHeaderElement)iter.next();
    		System.out.println("Header name: " + eleRead.getName() + "Value:" + eleRead.getValue());
    		if (eleRead.getLocalName().equals("Security")){ 
    			head = eleRead;
			}
		}
    	if (head==null) throw new AxisFault("Error reading security header");
		Iterator iter2 =head.getChildElements();		
		MessageElement token = null;
		
		while (iter2.hasNext()){
			MessageElement ele2 = (MessageElement)iter2.next();
			System.out.println("Header name2: " + ele2.getElementName());
			if (ele2.getLocalName().equals("UsernameToken")){
				token = ele2;
			}
		}
		if (token==null) throw new AxisFault("Error reading UsernameToken");
		Iterator iter3 = token.getChildren().iterator();
		String user = null;
		while (iter3.hasNext()){
			MessageElement ele3 = (MessageElement)iter3.next();
			System.out.println("Header name3: " + ele3.getElementName() + "Value:" + ele3.getValue());
			if (ele3.getLocalName().equals("Username")){
				user = ele3.getValue();
			}
		}					
		System.out.println("User:::" + user);
		if (user==null) throw new AxisFault("Error reading Username");

I am pretty sure there are better ways of achieving this result (in which case I would be glad to know!) but at least this works!

Indeed, that's a lot more work than what I was hinting at (and the resulting code is rather more brittle than one would like). In the callback handler you'd do something like:

and then in the service method itself:

definetely much easier... thanks!