Announcement Announcement Module
Collapse
No announcement yet.
Accessing WS Securiy info in AbstractMarshallingPayloadEndpoint Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Accessing WS Securiy info in AbstractMarshallingPayloadEndpoint

    I am using WS Security for authenticating my web service call.

    I need to pass the user name to our business layer as we need to store the username in the database for every create / update. Now in order to pass the username to my business layer, i need to get the username in my web service end point.

    what's the best way to do this? How do i access the SOAP Headers from an EndPoint or how do i pass this user information to my end point?

    My thought is to extract the user information in an end point interceptor and place it in the message context. Then i can retreve this user information in the end point by implementing the onUnmarshalRequest method.

    Any other ideas?

    Thanks,
    Sankar.

  • #2
    If you are using Acegi, you have the information available in the SecurityContextHolder.

    Regards,
    Paul

    Comment


    • #3
      Thanks Paul for the answer. I am able to get the User infomation from SecurityContextHolder. I am extracting it from an interceptor and setting it in messageContext so that all the endpoints just deal with MessageContext instead of acegi's SecurityContextHoler.

      How does the SecurityContextHoler work? Does that use the threadlocal to store the SecurityContext?

      Comment


      • #4
        Yes, default it uses Threadlocal, but the strategy can be controlled with a SecurityContextHolderStrategy configuration. I don't know the details here, but the javadoc of the SecurityContextHolder goes a long way describing this.

        Regards,
        Paul

        Comment

        Working...
        X