by specifying a soapenv:header in the wsdd file of my web service, I have managed to validate user name and password passed by the client using a PWCallback class.
The problem now is that later on in the code, I need the username again, but all I have in the web service implementing classes is the request... which does not contain the header...
is there a way to get this info again or to tell wss4j to include it in the request? any suggestions?
WSS doesn't address this, and there's no standard way to do it, either; you'll need to resort to approaches that are specific to the SOAP stack you're using.
For example, Axis2 has the org.apache.axis2.context.MessageContext that can be used to store and retrieve properties during a request/response phase. You'd get the currently active context object by calling MessageContext.getCurrentMessageContext. I'm sure other SOAP stacks have comparable facilities.
Ping & DNS - updated with new look and Ping home screen widget
Joined: Feb 08, 2010
I am using axis1.4... don't think I have a MessageContext available, but will check... thanks!
Joined: Feb 08, 2010
As I found it rather hard to get this information I post here my findings... maybe will help somebody with similar problems
OK, little recap...
In my web service I have to implement WSS security so I modified the wsdd as follows:
The PWCallback class is rather standard and documented in wss4j tutorial so allow me to skip this...
Later on, after validation, in the RequestHandlerSoapBindingImpl class normally I just get the data as defined in the WSDL, while I also need the UsernameToken again...
to read the UsernameToken, as suggested by Ulf (Thanks Ulf!) I used the MessageContext provided by Axis1.4, as follows:
I am pretty sure there are better ways of achieving this result (in which case I would be glad to know!) but at least this works!
Joined: Mar 22, 2005
Indeed, that's a lot more work than what I was hinting at (and the resulting code is rather more brittle than one would like). In the callback handler you'd do something like: