如何使用WSS4J拦截器在Web服务方法中获取经过身份验证的用户 [英] How to get authenticated user in web service methods using WSS4J interceptors

问题描述

我在Spring中托管了一个Apache CXF服务。我正在使用WSS4J拦截器来验证用户名/密码安全性以访问服务器。验证工作正常，如果我从SoapUI发送错误的凭据我不能按预期使用该服务。如果我发送正确的凭据，服务没有问题。这是我在spring上下文文件中的配置。

I have an Apache CXF service hosted in Spring. I am using WSS4J interceptors to validate username/password security to access the server. Authentication works correctly, if I send wrong credentials from SoapUI I can't use the service, as expected. If I send right credentials, service works with no problems. This is my configuration in spring context file.

<bean id="myPasswordCallback" class="cu.datys.sias.custom.ServerPasswordCallback"/>

<jaxws:endpoint id="siasEndpoint"
                implementor="#siasImpl"
                address="/sias">
    <jaxws:features>
        <!-- Soporte WS-Addressing -->
        <!--<wsa:addressing xmlns:wsa="http://cxf.apache.org/ws/addressing" addressingRequired="true" usingAddressingAdvisory="true" allowDuplicates="true"/>-->
    </jaxws:features>
    <jaxws:inInterceptors>
        <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
            <constructor-arg>
                <map>
                    <entry key="action" value="UsernameToken" />
                    <entry key="passwordType" value="PasswordText" />
                    <entry key="passwordCallbackRef"
                           value-ref="myPasswordCallback" />
                </map>
            </constructor-arg>
        </bean>
    </jaxws:inInterceptors>
</jaxws:endpoint>

现在我需要能够在我的服务方法中访问我认证的用户，如下所示：

Now I need to be able to access my authenticated user inside my service methods, something like this:

@WebResult(name = "UpdatePatternResponse", targetNamespace = "http://test.com/schemas/xsd/myservice/", partName = "UpdatePatternResponse")
@WebMethod(operationName = "UpdatePattern", action = "UpdatePattern")
@Generated(value = "org.apache.cxf.tools.wsdlto.WSDLToJava", date = "2015-02-19T12:49:59.491-05:00")
public test.com.schemas.xsd.myservice.UpdatePatternResponse updatePattern(
    @WebParam(partName = "UpdatePatternRequest", name = "UpdatePatternRequest", targetNamespace = "http://test.com/schemas/xsd/myservice/")
    test.com.schemas.xsd.myservice.UpdatePatternRequest updatePatternRequest
) throws SIASFaultMessage{
    .
    .
    User myAuthenticatedUser = //HOW TO GET THE USER???
    .....
    .
    .
    .
}

如何在Apache CXF服务方法中获取经过身份验证的用户？

How can I get the authenticated user inside my Apache CXF service methods?

推荐答案

我发现这是与这样一个重要主题有关的唯一问题，所以我想分享我为CXF 3.1发现的内容.x。

I found this to be the only question relating to such an important subject, so I would like to share what I found for CXF 3.1.x.

基本思路与@ alfredo-a相同。以下是代码：

The basic idea is the same as @alfredo-a illustrated. Here is the code:

Message message=PhaseInterceptorChain.getCurrentMessage();
SecurityContext context=message.get(SecurityContext.class);
String userName=context.getUserPrincipal().getName();

我希望这对某人有帮助。

I hope this is helpful to someone.

干杯！

这篇关于如何使用WSS4J拦截器在Web服务方法中获取经过身份验证的用户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！