Hi,
In your interceptor you can save the authentication parameter in
message, and in your impl class you can have code like
@Resource
private WebServiceContext wsContext;
Then can use code like
MessageContext ctx = wsContext.getMessageContext();
Message message =
((WrappedMessageContext)ctx).getWrappedMessage();
//here you can get authentication parameter you saved
previously from message
Freeman
On 2012-4-13, at 下午9:48, shashi wrote:
Hi,
I am learning to develop a web service using cxf with spring
framework. I
have developed a sample authenticated web service application using
interceptors and I am stuck in passing authentication
parameter(username and
password) to service class which implements the interface.
Web service code is as follows.
Student class:
public class Student {
private String name;
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
}
Interface:
@WebService
public interface ChangeStudentDetails {
Student changeName(Student student);
}
Implementation:
@WebService(endpointInterface = "com.student.ChangeStudentDetails")
public class ChangeStudentDetailsImpl implements
ChangeStudentDetails {
public Student changeName(Student student) {
student.setName("Hello "+student.getName());
return student;
}
Interceptor class:
public class WSSecurityInterceptor extends
AbstractPhaseInterceptor<Message>
{
public SVWSSecurityInterceptor() {
super(Phase.PRE_PROTOCOL);
}
public SVWSSecurityInterceptor(String s) {
super(Phase.PRE_PROTOCOL);
}
public void handleMessage(Message message) throws Fault {
Map props = new HashMap();
props.put(WSHandlerConstants.ACTION,
WSHandlerConstants.USERNAME_TOKEN);
CallbackHandler callbackHandler = (CallbackHandler)
SpringApplicationContextProvider.getInstance().getBean("handler");
props.put(WSHandlerConstants.PW_CALLBACK_REF, panPassCallback);
WSS4JInInterceptor wss4jInHandler = new
WSS4JInInterceptor(props);
message.getInterceptorChain().add(new SAAJInInterceptor());
message.getInterceptorChain().add(wss4jInHandler);
}
}
Callback handler class:
public class CallbackHandler implements CallbackHandler {
public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
String uname= pc.getIdentifier();
String upassword=pc.getPassword();
if (uname != null ) {
List<GrantedAuthority> authorities =
testmethod.getAuthorities(user, instance);
authorities.addAll(authorities);
UsernamePasswordAuthenticationToken result = new
UsernamePasswordAuthenticationToken(uname, upassword, authorities);
SecurityContextHolder.getContext().setAuthentication(result);
}
}
}
While debugging the application the workflow was as follows
Interceptor
class->callback handler->service class(ChangeStudentDetailsImpl)
Suppose if I want to pass the username and password to service class
for
additional verification of username(username and password are
obtained in
callback handler). How do I do this?
What is the best way to pass the authentication credentials to service
class?
Any suggestion would be great.
Thank you
shashi
--
View this message in context:
http://cxf.547215.n5.nabble.com/how-to-pass-authentication-credentials-to-service-class-in-cxf-webservice-tp5638346p5638346.html
Sent from the cxf-issues mailing list archive at Nabble.com.
---------------------------------------------
Freeman Fang
FuseSource
Email:[email protected]
Web: fusesource.com
Twitter: freemanfang
Blog: http://freemanfang.blogspot.com
http://blog.sina.com.cn/u/1473905042
weibo: http://weibo.com/u/1473905042
