Hi Daniel, there is no SecurityConstants.TOKEN property in the message properties, but your response gave me the right hint.
If you start a secure conversation, the workflow looks like: incoming message >..> handle callbacks >..> invoke sts, create token >..> outgoing message The SecurityToken is created during the invocation phase, so my callback can't save anything to the token. I made an interceptor for the POST_INVOCATION phase, that reads the token-id from the outgoing message and gets the token from the TokenStore. Data from my callback is stored in the Exchange object from the current message, so the interceptor can bind it now on the token. For further requests on my service, an interceptor in the PRE_INVOCATION phase gets the current token and puts my data into the message properties. Thanks Karl > On Thursday 13 January 2011 10:33:02 am Rhenius, Karl Stefan wrote: > > Hi, > > > > I'd like to save some user credentials (i.e. real name) during > > multiple requests in a service using SecureConversation, > but I don't > > know, where to start. I expected a property, that is bound on the > > SecureConversation-id (I guess thats what I get from > > getUserPrincipal() in this context) and that will be > removed when the > > conversation ends. Unfortunately, I couldn't find anything in the > > WebServiceContext, that remains during consecutive requests. ... > Ideally, it would get keyed off the SecurityToken that can be > obtained from > the current message. Something like: > > SecurityToken tok = > (SecurityToken)PhaseInterceptorChain.getCurrentMessage().getCo ntextualProperty(SecurityConstants.TOKEN); > ... > > The SecurityToken object has a getProperties/setProperties > call on it where > you can save a map of extra information in it. Thus, that > would be my suggestion.
