Dear Wiki user, You have subscribed to a wiki page or wiki category on "Ws Wiki" for change notification.
The following page has been changed by WernerDittmann: http://wiki.apache.org/ws/FrontPage/WsFx/wss4jFAQ ------------------------------------------------------------------------------ 1. [#npe Spurious Null Pointer Exception] 1. [#debug Where can I change the debug level of wss4j?] 1. [#many I have many clients and one service (and I need signature+encryption). Is there a way to handle many client certs?] - 1. [#usernme How do i extract user's name or certificate info from my web service?] + 1. [#usernme How can a Web Service check and access the results of security actions?] 1. [#time Timestamp handling in WSS4J] @@ -192, +192 @@ trust handling inside WSDo``All``Receiver except that you need a very special certificate trust verification. [[Anchor(usernme)]] - ==== How do i extract user's name or certificate info from my web service? ==== + ==== How can a Web Service check and access the results of security actions? ==== {{{ MessageContext msgContext = MessageContext.getCurrentContext(); Vector results = (Vector) msgContext.getProperty(WSHandlerConstants.RECV_RESULTS); @@ -219, +219 @@ } }}} + The getter methods of {{{WSSecurityEngineResult}}} are depreciated. The new version of {{{WSSecurityEngineResult}}} inherits from Java's {{{HashMap}}}. Web Services shall use the standard {{{get()}}} to retrieve data from {{{WSSecurityEngineResult}}} (see examples below). + + The WSS4J handler stores the results in the Axis message context. + + At first the web service fetches the vector that contains the results of all WSS4J handler invocations for a request. There maybe several invocation (chained handlers) because a request may contain several security elements for different actors. + + The web service may check the actor's name in each {{{WSHandlerResult}}} using {{{getActor()}}} (not show above). If the actor's name matches or if this is the only handler result object the web service can check the result of each security action. 
+ + The web service gets the vector of the security results from the handler result using {{{getResults()}}}. This vector contains a number of {{{WSSecurityEngineResult}}} objects that contain further information for each performed secutity action. + + + Examples: + + To get a principal: + {{{ + java.security.Principal principal = (java.security.Principal)eResult.get(WSSecurityEngineResults.TAG_PRINCIPAL); + }}} + + At this point the Web Service may check the principal's type, depending on the security action (see above). + To get the {{{action}}} + {{{ + int action = ((java.lang.Integer)eResult.get(WSSecurityEngineResults.TAG_ACTION)).intValue() + }}} + + ===== Accessible data in WSSecurityEngineResult depending on security actions ===== + + For Signatures the {{{WSSecurityEngineResult}}} map contains: + * The principal that signed the request, for example the distinguished name + of the certificate, the {{{SUsernameTokenPrincipal}}}, or the + {{{WSDerivedKeyTokenPrincipal}}}. This depends on the request. + + * The certificate used to sign the request if it is a request according to the + WS X.509 profile, not used otherwise + + * The Set of elements that this Signature covers + + * A byte array that contains the Signature value + + The web service can access these data using getter methods (deprectiated) or standard {{{HashMap}}} get methods. See the ''Javadoc'' documentation of {{{WSSecurityEngineResults}}}. + [[Anchor(time)]] ==== Timestamp handling in WSS4J ==== WSS4J supports several time features and options. If you just use the --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
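Review bot: The retitled question at @@ -192 (and the matching table-of-contents entry in the first hunk) drops the words "user's name" and "certificate", which are what a reader scanning the FAQ for this answer is likely to look for. Consider keeping those terms in the question, or in the first sentence under the heading, so the entry stays findable. Keeping the existing `usernme` anchor is the right call because it preserves inbound links. The heading also capitalises "Web Service" while the new body text uses both "web service" and "Web Service"; pick one.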
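Review bot: In the text added at @@ -219, both examples use the plural `WSSecurityEngineResults.TAG_PRINCIPAL` and `WSSecurityEngineResults.TAG_ACTION`, and the closing sentence points to the Javadoc of `WSSecurityEngineResults`, while every other mention names the class `WSSecurityEngineResult`. Only one spelling can be right, and a reader who pastes the examples with the wrong one gets a compile error, so use a single class name throughout. The action example is also missing the terminating semicolon after `.intValue()`. On the security side, "the Web Service may check the principal's type" is too weak given that the bullet list says the principal "depends on the request": since the sender determines which kind of principal arrives, the text should say the service checks the action and the principal type before relying on the principal. The Signature list describes four entries but names no map key for any of them, so add the key constant next to each bullet, as the examples do for the principal and the action. "Depending on the security action (see above)" points the wrong way, because the per-action list follows the examples. Spelling: "depreciated" and "deprectiated" should be "deprecated", "secutity" should be "security", "not show above" should be "not shown above", "maybe several invocation" should be "may be several invocations", and `SUsernameTokenPrincipal` looks as if it lost a leading W (compare `WSDerivedKeyTokenPrincipal` in the same bullet).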
