XWS Security, programmatic interface to set a user-authentication token?

From: David Sharp <>
Date: Wed, 10 Aug 2005 19:41:29 -0500

I can't seem to figure out how to programmatically set the
user-authentication token used by a JAX-RPC web service call. I have created
a CallbackHandler that can set the username and password, however it does
not have the information necessary to determine which userid and password to

My application is basically a web application, that uses web service calls
behind the scenes to retrieve information. Depending on the user that is
logged in, the endpoint will vary along with the username and password the
endpoint will expect. So the problem I'm having, is that my servlet that is
calling the web service, has enough information to create the stub, set the
endpoint, and call the web service. It even has enough information to
determine what username and password it should use. Unfortunately, there
does not appear to be a way to pass this information to the callback handler
that will actually be setting the username and password.

If I can guarantee that the password handler will run in the same thread as
the servlet making the web service call, I could set a system property keyed
on the current thread, that has the information. However this seems to be an
ugly hack. What I really need, is a way to pass parameters at runtime from a
web-service caller to the CallbackHandler that will eventually handle set
the username and password used to create the authentication token.

Any help would be greatly appreciated.