users@jax-rpc.java.net

Re: XWS Security, programmatic interface to set a user-authentication token?

From: David Sharp <dsharp02_at_gmail.com>
Date: Fri, 12 Aug 2005 00:01:42 -0500

Thank you for the reply. We are currently on jwsdp-1.5, and I'm not sure
when we plan to go to 1.6. In any case, I figured out a different way to
solve this problem. I have a class that wraps the PortType_stub class, and
have declared 2 static ThreadLocals to hold the username and password.
Obviously this won't work if the web service call needs to run in a separate
thread, or if I need to hit two separate endpoints within the same thread,
but for now, it's a quick and easy solution.

I'll take a look at 1.6 though, as that seems to be a more elegant solution.

Dave

On 8/11/05, V B Kumar Jayanti <Vbkumar.Jayanti_at_sun.com> wrote:
>
> Hi David,
>
> David Sharp wrote:
>
> > I can't seem to figure out how to programmatically set the
> > user-authentication token used by a JAX-RPC web service call. I have
> > created a CallbackHandler that can set the username and password,
> > however it does not have the information necessary to determine which
> > userid and password to use.
> >
> > My application is basically a web application, that uses web service
> > calls behind the scenes to retrieve information. Depending on the
> > user that is logged in, the endpoint will vary along with the username
> > and password the endpoint will expect. So the problem I'm having, is
> > that my servlet that is calling the web service, has enough
> > information to create the stub, set the endpoint, and call the web
> > service. It even has enough information to determine what username
> > and password it should use. Unfortunately, there does not appear to
> > be a way to pass this information to the callback handler that will
> > actually be setting the username and password.
> >
> > If I can guarantee that the password handler will run in the same
> > thread as the servlet making the web service call, I could set a
> > system property keyed on the current thread, that has the
> > information. However this seems to be an ugly hack. What I really
> > need, is a way to pass parameters at runtime from a web-service caller
> > to the CallbackHandler that will eventually set the username
> > and password used to create the authentication token.
> >
> > Any help would be greatly appreciated.
>
>
> There is a way to do this if you are using JWSDP 1.6 (i.e. XWS Security
> 2.0 EA). There is a sample called dynamic-policy which would be relevant
> in this case for more information (copy the CallbackHandler present in
> the dynamic-policy sample to get the relevant import statements).
>
>
> Here are the steps:
>
> 1. your client side Security Configuration should look like the following:
>
>     <xwss:JAXRPCSecurity
>         xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
>
>       <xwss:Service>
>         <!-- the exact policy to apply will be decided by the
>              SecurityEnvironmentHandler at runtime -->
>         <xwss:SecurityConfiguration dumpMessages="true"
>             enableDynamicPolicy="true">
>         </xwss:SecurityConfiguration>
>       </xwss:Service>
>
>       <xwss:SecurityEnvironmentHandler>
>         com.sun.xml.wss.sample.SecurityEnvironmentHandler
>       </xwss:SecurityEnvironmentHandler>
>
>     </xwss:JAXRPCSecurity>
>
> This would enable dynamic policy callbacks.
>
>
> 2. In the CallbackHandler add an else {....} clause to handle the
> DynamicPolicyCallback.
>
> The code will look something like this:
>
>     else if (callbacks[i] instanceof DynamicPolicyCallback) {
>         DynamicPolicyCallback dpCallback =
>             (DynamicPolicyCallback) callbacks[i];
>         SecurityPolicy policy = dpCallback.getSecurityPolicy();
>
>         if (policy instanceof DynamicSecurityPolicy) {
>             try {
>                 handleDynamicSecurityPolicy(dpCallback);
>             } catch (PolicyGenerationException pge) {
>                 throw new IOException(pge.getMessage());
>             }
>         }
>     }
>
>     private void handleDynamicSecurityPolicy(DynamicPolicyCallback callback)
>             throws PolicyGenerationException {
>
>         boolean inBound = false;
>         DynamicSecurityPolicy policy =
>             (DynamicSecurityPolicy) callback.getSecurityPolicy();
>         DynamicApplicationContext dynamicContext =
>             (DynamicApplicationContext) callback.getDynamicContext();
>
>         java.util.Map props = dynamicContext.getRuntimeProperties();
>         java.util.Iterator prop = props.entrySet().iterator();
>
>         // You can look for the following Runtime properties here
>         // 1. Service URL=http://localhost:8080/dynamicpolicy/Ping
>         // 2. javax.xml.rpc.service.endpoint.address=http://localhost:8080/dynamicpolicy/Ping
>         // 3. context.operation.name={http://xmlsoap.org/Ping}Ping
>         // 4. javax.xml.rpc.security.auth.username=<whatever username was set on the Stub>
>         // 5. javax.xml.rpc.security.auth.password=<whatever password was set on the Stub>
>
>         // Debug output only: this loop also prints the password property.
>         while (prop.hasNext()) {
>             System.out.println(prop.next());
>         }
>
>         inBound = dynamicContext.inBoundMessage();
>
>         if (!inBound) {
>             WSSPolicyGenerator generator =
>                 (WSSPolicyGenerator) policy.policyGenerator();
>             AuthenticationTokenPolicy atp = new AuthenticationTokenPolicy();
>             AuthenticationTokenPolicy.UsernameTokenBinding utb =
>                 (AuthenticationTokenPolicy.UsernameTokenBinding)
>                     atp.newUsernameTokenFeatureBinding();
>             // username and password extracted from runtime properties 4 and 5 above
>             utb.setUsername((String) props.get("javax.xml.rpc.security.auth.username"));
>             utb.setPassword((String) props.get("javax.xml.rpc.security.auth.password"));
>             MessagePolicy mPolicy = new MessagePolicy();
>             mPolicy.dumpMessages(true); // if you want dumping of outgoing Messages
>             mPolicy.append(atp);
>             callback.setSecurityPolicy(mPolicy);
>         }
>     }
>
> Note: The API shown above is in Early Access state and hence expect minor
> changes to this in the FCS release of XWS Security 2.0.
>
> >
> > Thanks,
> > Dave
>
>
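
Added example, not part of the original message and not XWS Security code: the ThreadLocal approach described in the reply at the top of this message, with the JDK's standard NameCallback and PasswordCallback standing in for the XWSS callbacks. Class, method and sample credential names are hypothetical; it shows the credentials being unbound in a finally block so that a reused container thread cannot carry one user's credentials into the next request, and the handler refusing to run when nothing is bound.

```java
import java.io.IOException;
import java.util.concurrent.*;
import javax.security.auth.callback.*;

public class ThreadLocalCredentials {
    // Per-thread credentials, as in the stub wrapper described above (hypothetical names).
    private static final ThreadLocal<String> USER = new ThreadLocal<>();
    private static final ThreadLocal<char[]> PASS = new ThreadLocal<>();

    // Runs one web service call with credentials bound to the current thread only.
    static <T> T callAs(String user, char[] pass, Callable<T> call) throws Exception {
        USER.set(user);
        PASS.set(pass);
        try {
            return call.call();
        } finally {
            // Pooled threads are reused: unbind even when the call throws.
            USER.remove();
            PASS.remove();
        }
    }

    // Stand-in for the security CallbackHandler; fails closed when nothing is bound.
    static final CallbackHandler HANDLER = callbacks -> {
        if (USER.get() == null) throw new IOException("no credentials bound to this thread");
        for (Callback cb : callbacks) {
            if (cb instanceof NameCallback) ((NameCallback) cb).setName(USER.get());
            else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(PASS.get());
            else throw new UnsupportedCallbackException(cb);
        }
    };

    // Simulates the stub invoking the handler; returns the username it resolved.
    static String invokeStub() throws Exception {
        NameCallback name = new NameCallback("user");
        HANDLER.handle(new Callback[] { name, new PasswordCallback("password", false) });
        return name.getName();
    }

    public static void main(String[] args) throws Exception {
        ExecutorService pool = Executors.newSingleThreadExecutor(); // one reused worker thread
        Callable<String> stub = ThreadLocalCredentials::invokeStub;
        // Request 1 binds constructed sample credentials for the duration of the call.
        Callable<String> request1 = () -> callAs("alice", "s3cret".toCharArray(), stub);
        System.out.println("request 1 sent as: " + pool.submit(request1).get());
        try {
            pool.submit(stub).get(); // request 2, same thread, binds nothing
        } catch (ExecutionException e) {
            System.out.println("request 2 rejected: " + e.getCause().getMessage());
        } finally {
            pool.shutdown();
        }
    }
}
```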