I've written a SAM to handle authentication for webapps, now I'm trying to write one to handle SOAP authentication, but I'm not sure how to hook it all up.
In the war for the webservice, I configured the sun-web-app's httpservlet-security-provider attribute to use my SAM and in my standalone client code, I set the username and password like so:
Hello_Service service = new Hello_Service();
Hello port = service.getHelloPort();
port.getRequestContext().put( BindingProvider.USERNAME_PROPERTY, "username" );
port.getRequestContext().put( BindingProvider.PASSWORD_PROPERTY, "password" );
My SAM's getSupportedMessageTypes returns javax.servlet.http.HttpServletRequest.class , javax.servlet.http.HttpServletResponse.class and javax.xml.soap.SOAPMessage.class.
I configured the SAM as a SOAP and HttpServlet provider and tried both "sender" and "content" for Authentication Source.
I know my configuration is not right, because messageInfo.getRequestMessage always returns an instance of HttpServletRequest and walking the object graph doesn't turn up any reference to my username or password.
What am I missing?
[Message sent by forum member 'brian_of_fortent' (brian_of_fortent)]
http://forums.java.net/jive/thread.jspa?messageID=281348