Oh I just noticed the "Dan and Dan" below :) , my brain and hands must have been out of synch for a bit.
Regards,
Eamonn

> Date: Fri, 21 Aug 2009 13:23:12 -0400
> Subject: Re: Determining Caller's Identity
> From: stephen.lange...@osumc.edu
> To: users@cxf.apache.org
>
> Eamonn,
>
> Thank you for this information, I tried what you suggested and got what
> I need working, thanks again.
>
> --Steve
>
> Stephen Langella
> Co-Director
> Software Research Institute
> Center for IT Innovations in Healthcare
> Ohio State University
>
> Senior Researcher
> Department of Biomedical Informatics
> Ohio State University
>
> Office: (614) 293-9534
> Lab: (614) 292-8420
> stephen.lange...@osumc.edu
>
> > From: Eamonn Dwyer <eamdwyer...@hotmail.com>
> > Reply-To: <users@cxf.apache.org>
> > Date: Thu, 20 Aug 2009 14:37:45 +0100
> > To: <users@cxf.apache.org>
> > Subject: RE: Determining Caller's Identity
> >
> > Hi Dan and Dan
> > I think the attribute names may be slightly different to the ones mentioned
> > below - looking at the code in SSLUtils.java propagateSecureSession they
> > seem to be
> > "javax.servlet.request.cipher_suite" and
> > "javax.servlet.request.X509Certificate".
> >
> > or if you feel like going the interceptor route the code would look
> > something like (though you will need to add code to distinguish between
> > the client's own certificate and the client's own certificate's CA chain)
> >
> > ....
> >
> > import java.security.cert.Certificate;
> > import java.security.cert.X509Certificate;
> >
> > import org.apache.cxf.interceptor.Fault;
> > import org.apache.cxf.message.Message;
> > import org.apache.cxf.phase.AbstractPhaseInterceptor;
> > import org.apache.cxf.phase.Phase;
> > import org.apache.cxf.security.transport.TLSSessionInfo;
> >
> > public class TestInterceptor extends AbstractPhaseInterceptor<Message> {
> >
> >     public TestInterceptor() {
> >         super(Phase.RECEIVE);
> >     }
> >
> >     public void handleMessage(Message message) throws Fault {
> >         // TLS session details are only present for requests that arrived over https
> >         TLSSessionInfo tlsSessionInfo = message.get(TLSSessionInfo.class);
> >         if (tlsSessionInfo == null || tlsSessionInfo.getPeerCertificates() == null) {
> >             return;
> >         }
> >         // Print the subject of every certificate the client presented
> >         Certificate[] peerCerts = tlsSessionInfo.getPeerCertificates();
> >         for (int i = 0; i < peerCerts.length; i++) {
> >             X509Certificate x509certificate = (X509Certificate) peerCerts[i];
> >             System.out.println("x509certificate " + x509certificate.getSubjectDN());
> >         }
> >     }
> > }
> >
> > the output would look like
> > x509certificate CN=bob, OU=eng, O=mycompany.com
> > x509certificate CN=trent, OU=eng, O=mycompany.com
> >
> > Regs
> > Eamonn
> >
> >> From: dk...@apache.org
> >> To: users@cxf.apache.org
> >> Subject: Re: Determining Caller's Identity
> >> Date: Wed, 19 Aug 2009 13:53:49 -0400
> >> CC: stephen.lange...@osumc.edu
> >>
> >> On Wed August 19 2009 1:20:25 pm Stephen Langella wrote:
> >>> Josef,
> >>>
> >>> I tried what you suggested but context.getUserPrincipal() returned
> >>> null. Keep in mind I am using X.509 client certificates to authenticate
> >>> with the server, I am trying to get the subject DN from the client's
> >>> certificate as opposed to a basic authentication user id. Is this
> >>> supported or am I doing something wrong? In Googling around I found a
> >>> JIRA issue related to this and it is not clear whether or not what I am
> >>> trying to do is supported:
> >>>
> >>> https://issues.apache.org/jira/browse/CXF-1680
> >>
> >> That had to do with X509 things within a WS-Security secured message, not
> >> really using certs for SSL/https. For https, what you probably need to do
> >> is pull the HttpServletRequest out of the context
> >> (context.get(MessageContext.SERVLET_REQUEST)) and then use the
> >> HttpServletRequest.getAttribute(...) call to retrieve the various HTTPS
> >> attributes. "javax.net.ssl.peer_certificates" and
> >> "javax.net.ssl.cipher_suite" and such.
> >>
> >> Dan
> >>
> >>>
> >>> I would appreciate if someone would comment, thanks in advance.
> >>>
> >>> --Steve
> >>>
> >>> Stephen Langella
> >>> Co-Director
> >>> Software Research Institute
> >>> Center for IT Innovations in Healthcare
> >>> Ohio State University
> >>>
> >>> Senior Researcher
> >>> Department of Biomedical Informatics
> >>> Ohio State University
> >>>
> >>> Office: (614) 293-9534
> >>> Lab: (614) 292-8420
> >>> stephen.lange...@osumc.edu
> >>>
> >>>> From: Josef Bajada <josef.baj...@go.com.mt>
> >>>> Reply-To: <users@cxf.apache.org>
> >>>> Date: Wed, 19 Aug 2009 15:03:05 +0200
> >>>> To: <users@cxf.apache.org>
> >>>> Subject: RE: Determining Caller's Identity
> >>>>
> >>>> If you use the servlet container's authentication and transport security
> >>>> methods (through WEB-INF/web.xml) to force authentication (such as HTTP
> >>>> BASIC Auth over HTTPS), you can simply put the following line in your
> >>>> service implementation class.
> >>>>
> >>>> /**
> >>>>  * The web-service context will be automatically injected by the
> >>>>  * JAX-WS Container.
> >>>>  */
> >>>> @Resource
> >>>> private WebServiceContext context;
> >>>>
> >>>> // in your methods where you need to check the caller:
> >>>> if (context.getUserPrincipal() != null)
> >>>> {
> >>>>     log.info(context.getUserPrincipal().getName() + ":: just called our methods");
> >>>> }
> >>>>
> >>>> Regards,
> >>>> Josef
> >>>>
> >>>> -----Original Message-----
> >>>> From: Eamonn Dwyer [mailto:eamdwyer...@hotmail.com]
> >>>> Sent: 19 August 2009 12:57
> >>>> To: users@cxf.apache.org
> >>>> Subject: RE: Determining Caller's Identity
> >>>>
> >>>> Hi Stephen
> >>>> Not quite what you want but maybe you could do something like this
> >>>> inside an interceptor rather than inside your service.
> >>>>
> >>>> TLSSessionInfo tlsSessionInfo = message.get(TLSSessionInfo.class);
> >>>> Certificate[] peerCerts = tlsSessionInfo.getPeerCertificates();
> >>>> // ... check the peer certificates and authorize based on this
> >>>>
> >>>> Regards
> >>>> Eamonn
> >>>>
> >>>>> From: stephen.lange...@inventrio.com
> >>>>> To: users@cxf.apache.org
> >>>>> Subject: Determining Caller's Identity
> >>>>> Date: Tue, 18 Aug 2009 14:37:12 -0400
> >>>>>
> >>>>> I have written an Apache CXF Web Service (WSDL First), inside the
> >>>>> service I want to enforce authorization based on the identity of the
> >>>>> client that called the service. I wanted to know if there was an API
> >>>>> call I can make from the service implementation to obtain the client
> >>>>> identity. For example if the client authenticates over HTTPS with a
> >>>>> client certificate.
> >>>>>
> >>>>> --Steve
> >>>>>
> >>>>> Stephen Langella
> >>>>> Co-Founder
> >>>>> Inventrio, LLC
> >>>>> www.inventrio.com
> >>>>>
> >>>>> stephen.lange...@inventrio.com
> >>
> >> --
> >> Daniel Kulp
> >> dk...@apache.org
> >> http://www.dankulp.com/blog
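
The step the thread leaves open, telling the client's own certificate apart from its CA chain and authorizing on it, as an added example that is not code from any poster in the thread or from the CXF project. It assumes the https endpoint is configured to require client certificates; the class name, the CALLER_SUBJECT key and the allowlist are hypothetical, and the DN is the sample subject from the output quoted above.

```java
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Set;
import javax.security.auth.x500.X500Principal;

import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.security.transport.TLSSessionInfo;

public class ClientCertAuthzInterceptor extends AbstractPhaseInterceptor<Message> {

    // Hypothetical message key under which the caller's subject is stored.
    public static final String CALLER_SUBJECT = "example.caller.subject";

    // Constructed allowlist. X500Principal compares DNs in canonical form,
    // so spacing and case differences do not cause a mismatch.
    private final Set<X500Principal> allowed =
        Set.of(new X500Principal("CN=bob, OU=eng, O=mycompany.com"));

    public ClientCertAuthzInterceptor() {
        super(Phase.RECEIVE);
    }

    @Override
    public void handleMessage(Message message) throws Fault {
        // Absent when the request did not arrive over TLS.
        TLSSessionInfo tls = message.get(TLSSessionInfo.class);
        Certificate[] chain = (tls == null) ? null : tls.getPeerCertificates();
        X500Principal caller = leafSubject(chain);
        if (caller == null || !allowed.contains(caller)) {
            throw new Fault(new SecurityException("client certificate not authorized"));
        }
        // Later interceptors in the chain can read the verified subject here.
        message.put(CALLER_SUBJECT, caller);
    }

    // JSSE orders the chain with the peer's own certificate first, then its CAs,
    // so only element 0 identifies the caller (bob, not trent, in the sample output).
    static X500Principal leafSubject(Certificate[] chain) {
        if (chain == null || chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
            return null;
        }
        X509Certificate leaf = (X509Certificate) chain[0];
        // getBasicConstraints() returns -1 for end-entity certificates;
        // a CA certificate presented as the leaf is rejected as a caller.
        return leaf.getBasicConstraints() == -1 ? leaf.getSubjectX500Principal() : null;
    }
}
```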