Mar 5th, 2008, 05:25 PM
Accessing WS Securiy info in AbstractMarshallingPayloadEndpoint
I am using WS Security for authenticating my web service call.
I need to pass the user name to our business layer as we need to store the username in the database for every create / update. Now in order to pass the username to my business layer, i need to get the username in my web service end point.
what's the best way to do this? How do i access the SOAP Headers from an EndPoint or how do i pass this user information to my end point?
My thought is to extract the user information in an end point interceptor and place it in the message context. Then i can retreve this user information in the end point by implementing the onUnmarshalRequest method.
Any other ideas?
Mar 6th, 2008, 02:56 AM
If you are using Acegi, you have the information available in the SecurityContextHolder.
Mar 6th, 2008, 03:21 AM
Thanks Paul for the answer. I am able to get the User infomation from SecurityContextHolder. I am extracting it from an interceptor and setting it in messageContext so that all the endpoints just deal with MessageContext instead of acegi's SecurityContextHoler.
How does the SecurityContextHoler work? Does that use the threadlocal to store the SecurityContext?
Mar 6th, 2008, 05:30 AM
Yes, default it uses Threadlocal, but the strategy can be controlled with a SecurityContextHolderStrategy configuration. I don't know the details here, but the javadoc of the SecurityContextHolder goes a long way describing this.