Re: Determining Caller's Identity

Stephen Langella Wed, 19 Aug 2009 06:49:31 -0700

Josef,

    Thanks for the information, how do I get a handle the the
WebServiceContext inside my service implementation?


--Steve

Stephen Langella
Co-Director 
Software Research Institute
Center for IT Innovations in Healthcare
Ohio State University

Senior Researcher  
Department of Biomedical Informatics
Ohio State University

Office: (614) 293-9534
Lab: (614) 292-8420
stephen.lange...@osumc.edu


> From: Josef Bajada <josef.baj...@go.com.mt>
> Reply-To: <users@cxf.apache.org>
> Date: Wed, 19 Aug 2009 15:03:05 +0200
> To: <users@cxf.apache.org>
> Subject: RE: Determining Caller's Identity
> 
> If you use the servlet container's authentication and transport security
> methods (through WEB-INF/web.xml) to force authentication (such as HTTP
> BASIC Auth over HTTPS), you can simply put the following line in your
> service implementation class.
> 
> 
> /**
>    * The web-service context will be automatically injected by the
> JAX-WS Container.
>    */
>   @Resource
>   private WebServiceContext context;
> 
> 
>   //in your methods where you need to check the caller:
>    if (context.getUserPrincipal() != null)
>     {
>       log.info(getUserPrincipal().getName() + ":: just called our
> methods");
>     }
> 
> Regards,
> Josef
> 
> 
> 
> -----Original Message-----
> From: Eamonn Dwyer [mailto:eamdwyer...@hotmail.com]
> Sent: 19 August 2009 12:57
> To: users@cxf.apache.org
> Subject: RE: Determining Caller's Identity
> 
> 
> Hi Stephen 
> Not quite what you want but maybe you could do something like this
> inside an interceptor rather than inside your service.
> 
> TLSSessionInfo tlsSessionInfo = message.put(TLSSessionInfo.class);
> Certificate[] peerCerts =  tlsSessionInfo.getPeerCertificates();
> ... check the peer certificates and authorize based on this
> 
> Regards
> Eamonn
> 
>> From: stephen.lange...@inventrio.com
>> To: users@cxf.apache.org
>> Subject: Determining Caller's Identity
>> Date: Tue, 18 Aug 2009 14:37:12 -0400
>> 
>> I have written and Apache CXF Web Service (WSDL First), inside the
>> service I want to enforce authorization based on the identity of the
>> client that called the service.  I wanted to know if there was an API
> 
>> call I can make from the service implementation to obtain the client
>> identity.   For example if the client authenticate over HTTPS with a
>> client certificate.
>> 
>> --Steve
>> 
>> Stephen Langella
>> Co-Founder
>> Inventrio, LLC
>> www.inventrio.com
>> 
>> stephen.lange...@inventrio.com
>> 
>> 
>> 
>> 
>> 
>> 
> 
> _________________________________________________________________
> See all the ways you can stay connected to friends and family
> http://www.microsoft.com/windows/windowslive/default.aspx

Re: Determining Caller's Identity

Reply via email to