On Thursday 13 January 2011 10:33:02 am Rhenius, Karl Stefan wrote:
> Hi,
>
> I'd like to save some user credentials (i.e. real name) during multiple
> requests in a service using SecureConversation, but I don't know, where
> to start.
> I expected a property, that is bound on the SecureConversation-id (I
> guess thats what I get from getUserPrincipal() in this context) and that
> will be removed when the conversation ends. Unfortunately, I couldn't
> find anything in the WebServiceContext, that remains during consecutive
> requests.
>
> Is it possible to save data somewhere in the cxf framework, for example
> during the invocation of my CallbackClass, and read it in my webservice?
> This should also be aware of expired sessions and remove unused entries.
Hmmm... that's a good question. :-)
Ideally, it would get keyed off the SecurityToken that can be obtained from
the current message. Something like:
SecurityToken tok =
(SecurityToken)PhaseInterceptorChain.getCurrentMessage().getContextualProperty(SecurityConstants.TOKEN);
(might be able to call context.get(SecurityConstants.TOKEN) as well. Not sure
if that works)
That's the token that holds the current sec-conv information. When the
conversation ends or expires, it's removed and would be garbage collected and
such.
The SecurityToken object has a getProperties/setProperties call on it where
you can save a map of extra information in it. Thus, that would be my
suggestion.
--
Daniel Kulp
[email protected]
http://dankulp.com/blog
