GeeCON Prague 2014*
The moose likes Web Services and the fly likes How do I read WSS Username Token after validation? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


JavaRanch » Java Forums » Java » Web Services
Bookmark "How do I read WSS Username Token after validation?" Watch "How do I read WSS Username Token after validation?" New topic
Author

How do I read WSS Username Token after validation?

Luca Zitto
Greenhorn

Joined: Feb 08, 2010
Posts: 23
Hi guys,
by specifying a soapenv:header in the wsdd file of my web service, I have managed to validate user name and password passed by the client using a PWCallback class.

The problem now is that later on in the code, I need the username again, but all I have in the web service implementing classes is the request... which does not contain the header...
is there a way to get this info again or to tell wss4j to include it in the request? any suggestions?

Thanks
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42047
    
  64
WSS doesn't address this, and there's no standard way to do it, either; you'll need to resort to approaches that are specific to the SOAP stack you're using.

For example, Axis2 has the org.apache.axis2.context.MessageContext that can be used to store and retrieve properties during a request/response phase. You'd get the currently active context object by calling MessageContext.getCurrentMessageContext. I'm sure other SOAP stacks have comparable facilities.


Ping & DNS - my free Android networking tools app
Luca Zitto
Greenhorn

Joined: Feb 08, 2010
Posts: 23
I am using axis1.4... don't think I have a MessageContext available, but will check... thanks!
Luca Zitto
Greenhorn

Joined: Feb 08, 2010
Posts: 23
As I found it rather hard to get this information I post here my findings... maybe will help somebody with similar problems

OK, little recap...

In my web service I have to implement WSS security so I modified the wsdd as follows:

The PWCallback class is rather standard and documented in wss4j tutorial so allow me to skip this...

Later on, after validation, in the RequestHandlerSoapBindingImpl class normally I just get the data as defined in the WSDL, while I also need the UsernameToken again...

to read the UsernameToken, as suggested by Ulf (Thanks Ulf!) I used the MessageContext provided by Axis1.4, as follows:

I am pretty sure there are better ways of achieving this result (in which case I would be glad to know!) but at least this works!
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42047
    
  64
Indeed, that's a lot more work than what I was hinting at (and the resulting code is rather more brittle than one would like). In the callback handler you'd do something like:

and then in the service method itself:

Luca Zitto
Greenhorn

Joined: Feb 08, 2010
Posts: 23
definetely much easier... thanks!
 
GeeCON Prague 2014
 
subject: How do I read WSS Username Token after validation?