i haven't tried this. it certainly must be possible, but right now i haven't the time to figure it out.
i would start at MessageContext.getAxisEngine().getGlobalRequest() and search in that area. the file itself is loaded by org.apache.axis.configuration.EngineConfigurationFactoryDefault. also i seem to remember someone mentioning that you could access the global request flow and insert a handler into that flow at runtime. also if you have permissions you can call System.setProperty() from a startup servlet (if you want a possibly much simpler solution that opens up a bunch of possible bugs if another servlet in the same servlet engine tries to connect to a different web service...) sorry i couldn't be of more help. :-/ ...............ron. > Ok...i dont use the client_deploy.wsdd....is there any way to avoid > using it? I have the client inside a servlet so i cant specify it with > the java -D.... command line. > Thx! > Michael > >>do you have this in your client-config.wsdd? >><deployment ...> >> <transport .../> >> <globalConfiguration> >> <requestFlow> >> <!-- add the header that carries the user's login-name --> >> <handler type="java:org.apache.ws.axis.security.WSDoAllSender"> >> <parameter name="action" value="UsernameToken"/> >> <parameter name="actor" value="loginName"/> >> <parameter name="passwordCallbackClass" value="PWCallback"/> >> </handler> >>? >> >>otherwise there won't be any handler in the request flow that knows what to >> do >>with those properties. >> >>hth. >>.............ron. >> >> >>>Ok, so i got the server working basically (i think) but when calling it >>>i get the following exception at the client: >>> >>>AxisFault >>> faultCode: >>>{http://schemas.xmlsoap.org/soap/envelope/}Server.generalException >>> faultSubcode: >>> faultString: WSDoAllReceiver: Request does not contain required >>>Security header >>> >>> >>>Thats the client code so far: >>> >>>try { >>> binding = new al.JCT.service.JCTServiceLocator().getJCTSession(); >>> Stub axisPort = (Stub)binding; >>> axisPort._setProperty(UsernameToken.PASSWORD_TYPE, >>>WSConstants.PASSWORD_DIGEST); >>> axisPort._setProperty(WSHandlerConstants.USER, "wss4j"); >>> axisPort._setProperty(WSHandlerConstants.PW_CALLBACK_REF, new >>>PWCallback()); >>> } >>> catch (javax.xml.rpc.ServiceException jre) { >>> jre.printStackTrace(); >>> return; >>> } >>> >>> try { >>> al.JCT.service.Job[] value = null; >>> String ids[] = {"1218"}; >>> value = binding.getJobStatus("rudi", "qw", null, ids); >>> if (value != null) { >>> for (int i=0; i < value.length; i++) { >>> System.out.println(value[i].getId() + " - " + >>>value[i].getName() + " - " + value[i].getPe()); >>> System.out.println(value[i].getReservations()); >>> System.out.println(value[i].getOutputPaths()[0].getPath()); >>> } >>> } >>> binding.submitJob(null, null, null); >>> } >>> catch (java.rmi.RemoteException re) { >>> re.printStackTrace(); >>> return; >>> } >>> >>> >>>Any ideas on this one? >>> >>>Thx! >>>Michael >>> >>> >>> >>>>you can extract all the security info by looking at the Vector stored >>>>as a property in the MessageContext: >>>>Vector resultHandlers = >>>>(Vector)MessageContext.getCurrentContext().getProperty(WSHandlerConstants.RECV_RESULTS); >>>> >>>> >>>>this vector contains, as far as i can tell, everything you could want >>>>to know. >>>>or you can extract the username from the message itself - >>>>ArrayList actorList = new ArrayList(); >>>>actorList.add("actor value for my UsernameToken entry"); >>>>Message request = MessageContext.getCurrentContext().getRequestMessage(); >>>>SOAPEnvelope envelope = (SOAPEnvelope)request.getSOAPEnvelope(); >>>>Vector headers = envelope.getHeadersByActor(actorList); >>>>SOAPHeaderElement header = (SOAPHeaderElement)headers.get(0); >>>> >>>>you can then extract the actual username by walking the DOM tree to >>>>the node which contains the username >>>>MessageElement usernameTokenElement = >>>>header.getChildElement(USERNAME_TOKEN_QNAME); >>>>MessageElement usernameElement = >>>>usernameTokenElement.getChildElement(USERNAME_QNAME); >>>>String username = usernameElement.getValue(); >>>> >>>>(you'll also need these) >>>>static final QName USERNAME_TOKEN_QNAME = new >>>>QName(WSConstants.WSSE_NS, WSConstants.USERNAME_TOKEN_LN); >>>>static final QName USERNAME_QNAME = new QName(WSConstants.WSSE_NS, >>>>WSConstants.USERNAME_LN); >>>> >>>>in my app i have a handler which i put in the request chain right >>>>after the WSDoAllReceiver which extracts the username using the above >>>>code, does an LDAP lookup of the user to gather roles, and then >>>>creates an app-specific user object which it stores it as a properly >>>>in the MessageContext where anyone in the handling chain can then >>>>extract it via getProperty(). >>>> >>>>hth. >>>>......................ron. >>>> >>>>Michael Rudolf wrote: >>>> >>>> >>>> >>>>>Thanks a lot for the detailed description! I think this will work >>>>>fine for me. One more question about this though: Can i read the >>>>>username inside the web service? Or is there any way of getting >>>>>information like the group a user belongs to inside the web service >>>>>to read it there? It sounds like the Service does get any of this >>>>>info since the authentication is completely transparent to the >>>>>service itself. >>>>>Thanks. >>>>>Michael >>>>> >>>>> >>>>> >>>>>>by "Web Services are made out of Session EJBs" you mean you have >>>>>>Session EJBs that expose a SOAP-over-HTTP interface? WSS4J uses 2 >>>>>>handlers, one client-side and one server-side (WSDoAllSender >>>>>>(client) and WSDoAllReceiver (server)) which plug into the handler >>>>>>chain supported by Axis to "intercept" the request on its way to the >>>>>>server. WSDoAllSender adds a WSSecurity header to the SOAP message >>>>>>on send (configured using a properties file). WSDoAllReceiver then >>>>>>processes the incoming message, validates whatever it's configured >>>>>>to validate and then passes the request on to your handlers/service >>>>>>(or rejects the message if it does not validate properly). to add >>>>>>UsernameTokens to a request and process them on the server requires >>>>>>a CallbackHandler on the client side which can provide the password >>>>>>for a user. this is then processed into a UsernameToken, included >>>>>>in the SOAP header, and on the server side you'll need another >>>>>>CallbackHandler which can provide the password for the user (pulled >>>>>>from LDAP) which WSS4J will compare to what's provided in the >>>>>>UsernameToken and thus authenicate the message before your service >>>>>>(however it's implemented) ever gets called. it's quite transparent >>>>>>for the most part. it also inserts a few entries in the >>>>>>MessageContext so you can later determine what kind of authenication >>>>>>has been done. >>>>>> >>>>>>hth. >>>>>>.......................ron. >>>>>>Michael Rudolf wrote: >>>>>> >>>>>> >>>>>> >>>>>>>Is there any difference in case the Web Services are made out of >>>>>>>Session EJBs? Or does WSS4J work the same way in that case? >>>>>>>Thanks! >>>>>>>Michael >>>>>>> >>>>>>> >>>>>>> >>>>>>>>you may want to look at WSS4J and UsernameTokens. they're pretty >>>>>>>>straight-forward as long as your client can support them. they >>>>>>>>are part of >>>>>>>>the WS-Security standard if you want to stick with "endorsed" >>>>>>>>authentication >>>>>>>>mechanisms. then on the server-side you'll typically need a JNDI >>>>>>>>interface to >>>>>>>>your LDAP server to authenticate the user on that side. >>>>>>>> >>>>>>>>hth. >>>>>>>>................ron. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>>Hi, >>>>>>>>>is there any tutorial or example for authenticating users of we >>>>>>>>>services >>>>>>>>>by username and pass over HTTPS? Can anybody explain in more >>>>>>>>>detail how >>>>>>>>>this works? Is there any alternative to it? I want to query axis web >>>>>>>>>sercvices from a portal. That uses LDAP for authetication. I >>>>>>>>>would like >>>>>>>>>to use the same directory for authenticating the users at the web >>>>>>>>>services that are being queried. >>>>>>>>>Thanks for any help! >>>>>>>>>Michael >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>> >>>>>> >>>>>> >>>> >>>> >>>> >>> >>> >> >> >> >> >> >> > >