Oh I just noticed the "Dan and Dan" below :) , my brain and hands must have 
been out of synch for a bit.

Regards,
Eamonn
 

> Date: Fri, 21 Aug 2009 13:23:12 -0400
> Subject: Re: Determining Caller's Identity
> From: stephen.lange...@osumc.edu
> To: users@cxf.apache.org
> 
> Eamonn,
> 
>     Thank you for this information, I tried what you suggested and got what
> I need working, thanks again.
> 
> --Steve
> 
> 
> Stephen Langella
> Co-Director 
> Software Research Institute
> Center for IT Innovations in Healthcare
> Ohio State University
> 
> Senior Researcher  
> Department of Biomedical Informatics
> Ohio State University
> 
> Office: (614) 293-9534
> Lab: (614) 292-8420
> stephen.lange...@osumc.edu
> 
> 
> > From: Eamonn Dwyer <eamdwyer...@hotmail.com>
> > Reply-To: <users@cxf.apache.org>
> > Date: Thu, 20 Aug 2009 14:37:45 +0100
> > To: <users@cxf.apache.org>
> > Subject: RE: Determining Caller's Identity
> > 
> > 
> > Hi Dan and Dan
> > I think the attribute names may be slightly different to the ones mentioned
> > below - looking at the code in SSLUtils.java propagateSecureSession they
> > seem to be
> > "javax.servlet.request.cipher_suite" and
> > "javax.servlet.request.X509Certificate".
> > 
> > or if you feel like going the interceptor route the code would look
> > something like (though you will need to add code to distinguish between the
> > client's own certificate and the client's own certificate's CA chain)
> >  
> > ....
> > 
> > 
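> > import java.security.cert.Certificate;
> > import java.security.cert.X509Certificate;
> > 
> > import org.apache.cxf.interceptor.Fault;
> > import org.apache.cxf.message.Message;
> > import org.apache.cxf.phase.AbstractPhaseInterceptor;
> > import org.apache.cxf.phase.Phase;
> > import org.apache.cxf.security.transport.TLSSessionInfo;
> > 
> > public class TestInterceptor extends AbstractPhaseInterceptor<Message> {
> > 
> >     public TestInterceptor() {
> >         super(Phase.RECEIVE);
> >     }
> > 
> >     public void handleMessage(Message message) throws Fault {
> >         // TLS details of the connection; not set on the message for a non-TLS request
> >         TLSSessionInfo tlsSessionInfo = message.get(TLSSessionInfo.class);
> >         if (tlsSessionInfo == null || tlsSessionInfo.getPeerCertificates() == null) {
> >             return; // no TLS session, or the client presented no certificate
> >         }
> >         Certificate[] peerCerts = tlsSessionInfo.getPeerCertificates();
> >         // Print the subject DN of every certificate the peer sent
> >         for (int i = 0; i < peerCerts.length; i++) {
> >             X509Certificate x509certificate = (X509Certificate) peerCerts[i];
> >             System.out.println("x509certificate " + x509certificate.getSubjectDN());
> >         }
> >     }
> > }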
> > 
> > the output would look like
> > x509certificate CN=bob, OU=eng, O=mycompany.com
> > x509certificate CN=trent, OU=eng, O=mycompany.com
> > 
> > 
> > Regs
> > Eamonn
> > 
> > 
> >> From: dk...@apache.org
> >> To: users@cxf.apache.org
> >> Subject: Re: Determining Caller's Identity
> >> Date: Wed, 19 Aug 2009 13:53:49 -0400
> >> CC: stephen.lange...@osumc.edu
> >> 
> >> On Wed August 19 2009 1:20:25 pm Stephen Langella wrote:
> >>> Josef,
> >>> 
> >>>     I tried what you suggested but context.getUserPrincipal() returned
> >>> null. Keep in mind I am using X.509 client certificates to authenticate
> >>> with the server, I am trying to get the subject DN from the client's
> >>> certificate as opposed to a basic authentication user id.   Is this
> >>> supported or am I doing something wrong?   In Googling around I found a
> >>> JIRA issue related to this and it is not clear whether or not what I am
> >>> trying to do is supported:
> >>> 
> >>> https://issues.apache.org/jira/browse/CXF-1680
> >> 
> >> That had to do with X509 things within a WS-Security secured message, not
> >> really using certs for SSL/https.   For https, what you probably need to do
> >> is pull the HttpServletRequest out of the context
> >> (context.get(MessageContext.SERVLET_REQUEST)) and then use the
> >> HttpServletRequest.getAttribute(...) call to retrieve the various HTTPS
> >> attributes.   "javax.net.ssl.peer_certificates" and
> >> "javax.net.ssl.cipher_suite" and such.
> >> 
> >> Dan
> >> 
> >> 
> >>> 
> >>> I would appreciate if someone would comment, thanks in advance.
> >>> 
> >>> --Steve
> >>> 
> >>> Stephen Langella
> >>> Co-Director
> >>> Software Research Institute
> >>> Center for IT Innovations in Healthcare
> >>> Ohio State University
> >>> 
> >>> Senior Researcher
> >>> Department of Biomedical Informatics
> >>> Ohio State University
> >>> 
> >>> Office: (614) 293-9534
> >>> Lab: (614) 292-8420
> >>> stephen.lange...@osumc.edu
> >>> 
> >>>> From: Josef Bajada <josef.baj...@go.com.mt>
> >>>> Reply-To: <users@cxf.apache.org>
> >>>> Date: Wed, 19 Aug 2009 15:03:05 +0200
> >>>> To: <users@cxf.apache.org>
> >>>> Subject: RE: Determining Caller's Identity
> >>>> 
> >>>> If you use the servlet container's authentication and transport security
> >>>> methods (through WEB-INF/web.xml) to force authentication (such as HTTP
> >>>> BASIC Auth over HTTPS), you can simply put the following line in your
> >>>> service implementation class.
> >>>> 
> >>>> 
> >>>>   // imports needed at the top of the service implementation class
> >>>>   import javax.annotation.Resource;
> >>>>   import javax.xml.ws.WebServiceContext;
> >>>> 
> >>>>   /**
> >>>>    * The web-service context will be automatically injected by the
> >>>>    * JAX-WS Container.
> >>>>    */
> >>>>   @Resource
> >>>>   private WebServiceContext context;
> >>>> 
> >>>> 
> >>>>   //in your methods where you need to check the caller:
> >>>>    if (context.getUserPrincipal() != null)
> >>>>     {
> >>>>       log.info(context.getUserPrincipal().getName() + ":: just called our methods");
> >>>>     }
> >>>> 
> >>>> Regards,
> >>>> Josef
> >>>> 
> >>>> 
> >>>> 
> >>>> -----Original Message-----
> >>>> From: Eamonn Dwyer [mailto:eamdwyer...@hotmail.com]
> >>>> Sent: 19 August 2009 12:57
> >>>> To: users@cxf.apache.org
> >>>> Subject: RE: Determining Caller's Identity
> >>>> 
> >>>> 
> >>>> Hi Stephen
> >>>> Not quite what you want but maybe you could do something like this
> >>>> inside an interceptor rather than inside your service.
> >>>> 
> >>>> TLSSessionInfo tlsSessionInfo = message.get(TLSSessionInfo.class);
> >>>> Certificate[] peerCerts =  tlsSessionInfo.getPeerCertificates();
> >>>> // ... check the peer certificates and authorize based on this
> >>>> 
> >>>> Regards
> >>>> Eamonn
> >>>> 
> >>>>> From: stephen.lange...@inventrio.com
> >>>>> To: users@cxf.apache.org
> >>>>> Subject: Determining Caller's Identity
> >>>>> Date: Tue, 18 Aug 2009 14:37:12 -0400
> >>>>> 
> >>>>> I have written an Apache CXF Web Service (WSDL First), inside the
> >>>>> service I want to enforce authorization based on the identity of the
> >>>>> client that called the service.  I wanted to know if there was an API
> >>>>> call I can make from the service implementation to obtain the client
> >>>>> identity.   For example if the client authenticates over HTTPS with a
> >>>>> client certificate.
> >>>>> 
> >>>>> --Steve
> >>>>> 
> >>>>> Stephen Langella
> >>>>> Co-Founder
> >>>>> Inventrio, LLC
> >>>>> www.inventrio.com
> >>>>> 
> >>>>> stephen.lange...@inventrio.com
> >>>> 
> >> 
> >> -- 
> >> Daniel Kulp
> >> dk...@apache.org
> >> http://www.dankulp.com/blog
> > 
> 
> 
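
Added example (not code from this thread or from CXF): one way to do the "distinguish the client's own certificate from its CA chain" and "authorize based on this" steps mentioned above, using only JDK classes. The class and method names are hypothetical; it assumes the array comes from the "javax.servlet.request.X509Certificate" request attribute or from TLSSessionInfo.getPeerCertificates(), and that the TLS layer has already validated the chain.

```java
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.x500.X500Principal;

/** Hypothetical helper: authorizes a caller by the subject of its TLS client certificate. */
public final class ClientCertAuthorizer {

    // Subjects allowed to call the service. X500Principal.equals() compares
    // canonical forms, so spacing and letter case in the DN string do not matter.
    private final Set<X500Principal> allowed;

    public ClientCertAuthorizer(Set<X500Principal> allowed) {
        this.allowed = new HashSet<X500Principal>(allowed);
    }

    /**
     * @param chain value obtained in the service via
     *        request.getAttribute("javax.servlet.request.X509Certificate"),
     *        or in an interceptor via tlsSessionInfo.getPeerCertificates()
     * @return subject of the client's own certificate, or null if none was presented
     */
    public static X500Principal callerSubject(Object chain) {
        if (!(chain instanceof Certificate[])) {
            return null; // attribute missing: plain HTTP or no client certificate
        }
        Certificate[] certs = (Certificate[]) chain;
        if (certs.length == 0 || !(certs[0] instanceof X509Certificate)) {
            return null;
        }
        // JSSE and the servlet API both put the peer's own certificate first;
        // the remaining entries are its issuing CAs and must not be treated as the caller.
        return ((X509Certificate) certs[0]).getSubjectX500Principal();
    }

    /** True only when a client certificate was presented and its subject is on the allow-list. */
    public boolean isAuthorized(Object chain) {
        X500Principal subject = callerSubject(chain);
        return subject != null && allowed.contains(subject);
    }
}
```

With the sample output quoted above, `callerSubject` would return the `CN=bob, OU=eng, O=mycompany.com` subject and ignore the `CN=trent` CA entry; an allow-list entry is built with `new X500Principal("CN=bob, OU=eng, O=mycompany.com")`.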
