Hi,
i am a newbie about java web service, could anybody tell me,
for a web service secured by WSS, how can i distinguish the user name and group with
AccessControlContext API inside the web service method?
e.g. sample code:
>>>java.security.AccessControlContext context = >>>java.security.AccessController.getContext();
>>>javax.security.auth.Subject subj = javax.security.auth.Subject.getSubject(context);
>>>Set<Principal> s = subj.getPrincipals();
>>>for (Principal p : s)
>>>{
>>> System.out.println(p.getName());
>>>}
*****The problem is -----> the Set<Principal> contains both user name and user
*****role...how can i get the user name only?
beside the AccessControlContext api, i can use the ServiceLifecycle API:
sampel code:
>>>public class SecureService implements javax.xml.rpc.server.ServiceLifecycle
>>>{
>>>
>>>private javax.xml.rpc.server.ServletEndpointContext context;
>>>
>>>public void init(Object obj) throws javax.xml.rpc.ServiceException
>>>{
>>> context = (javax.xml.rpc.server.ServletEndpointContext)obj;
>>>}
>>>public String helloUser(String message) throws java.rmi.RemoteException
>>>{
>>> java.security.Principal principal = context.getUserPrincipal();
>>> if(principal == null)
>>> {
>>> throw new RuntimeException("Principal not found");
>>> }
>>> String userName = principal.getName();
>>> return "Hi "+userName+"! "+message;
>>>}
>>>public void destroy()
>>>{
>>> context = null;
>>>}
>>>}
*****Question: for using ServiceLifecycle, will there be concurrent access issue
*****(as the webservice is implemented as servlet...)????
thank you.
[Message sent by forum member 'imperfect' (imperfect)]
http://forums.java.net/jive/thread.jspa?messageID=206427