[jboss-user] [JBossWS] - Re: Accessing USERNAME/PASSWORD_PROPERTY from Web Service cl

mjhammel do-not-reply at jboss.com
Thu Jan 24 16:58:31 EST 2008


While finding the username wasn't as hard as first thought, it looks like finding the PASSWORD is.  It doesn't seem to be in the HttpServletContext anywhere, nor can I find it in the MessageContext anywhere.

This piece of code:

        /* Imports this fragment needs:
         *   java.security.Principal, java.util.Enumeration,
         *   javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpSession,
         *   javax.xml.ws.handler.MessageContext
         */

        /* Find out who the user is saying they are in the HTTP session. */
        MessageContext msgContext = wsContext.getMessageContext();
        HttpServletRequest servletRequest = (HttpServletRequest) msgContext.get(MessageContext.SERVLET_REQUEST);
        String username = servletRequest.getRemoteUser();

        /* Dump the names (not the values) of the HTTP request headers. */
        Enumeration hdrs = servletRequest.getHeaderNames();
        for (; hdrs.hasMoreElements() ;)
            System.out.println("Header: " + hdrs.nextElement());

        String pathInfo = servletRequest.getPathInfo();
        String queryStr = servletRequest.getQueryString();
        String requestURI = servletRequest.getRequestURI();
        StringBuffer requestURL = servletRequest.getRequestURL();
        Principal p = servletRequest.getUserPrincipal();
        String sessionID = servletRequest.getRequestedSessionId();

        System.out.println("Path Info: " + pathInfo);
        System.out.println("Query String: " + queryStr);
        System.out.println("Request URI : " + requestURI);
        System.out.println("Request URL : " + requestURL.toString());
        /* String concatenation prints "null" instead of throwing if no principal is set. */
        System.out.println("Principal   : " + p);
        System.out.println("Session ID  : " + sessionID);

        /* Dump the names of any attributes stored in the HTTP session. */
        HttpSession session = servletRequest.getSession();
        Enumeration attrs = session.getAttributeNames();
        for (; attrs.hasMoreElements() ;)
            System.out.println("Session Attribute: " + attrs.nextElement());

produces the following output, which doesn't show any sign of the password property:

14:49:57,472 INFO  [STDOUT] Header: authorization
14:49:57,472 INFO  [STDOUT] Header: soapaction
14:49:57,472 INFO  [STDOUT] Header: content-type
14:49:57,472 INFO  [STDOUT] Header: jboss-remoting-version
14:49:57,472 INFO  [STDOUT] Header: user-agent
14:49:57,472 INFO  [STDOUT] Header: host
14:49:57,472 INFO  [STDOUT] Header: accept
14:49:57,472 INFO  [STDOUT] Header: connection
14:49:57,472 INFO  [STDOUT] Header: content-length
14:49:57,475 INFO  [STDOUT] Path Info: null
14:49:57,475 INFO  [STDOUT] Query String: null
14:49:57,476 INFO  [STDOUT] Request URI : /Crunch/comp/SubscriberServices
14:49:57,476 INFO  [STDOUT] Request URL : https://localhost:8443/Crunch/comp/SubscriberServices
14:49:57,476 INFO  [STDOUT] Principal   : admin
14:49:57,476 INFO  [STDOUT] Session ID  : null

Note that there doesn't appear to be anything in the HttpSession either, which is probably correct though I'm not sure of that at the moment.

Does anyone know where the PASSWORD_PROPERTY set by the client is hiding when it gets to the Web Services class?

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4123219#4123219
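
Added example, not part of the original post and not JBossWS code: the output above lists an `authorization` request header, and if the client's username and password were sent as HTTP Basic credentials (an assumption; the post does not show the header's value), that header carries both, Base64-encoded. The class and method names below are hypothetical, `java.util.Base64` requires Java 8 or later, UTF-8 is assumed for the decoded bytes, and the value would be obtained with `servletRequest.getHeader("Authorization")`.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;

public class BasicAuthHeader {

    /** Decoded pair; the password is a char[] so the caller can wipe it after use. */
    static final class Credentials {
        final String username;
        final char[] password;
        Credentials(String username, char[] password) {
            this.username = username;
            this.password = password;
        }
    }

    /**
     * Parses an HTTP "Authorization" header value using the Basic scheme (RFC 7617).
     * Returns null when the header is absent, uses another scheme, or is malformed.
     */
    static Credentials parse(String headerValue) {
        if (headerValue == null) return null;
        String[] parts = headerValue.trim().split("\\s+", 2);
        if (parts.length != 2 || !parts[0].equalsIgnoreCase("Basic")) return null;
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(parts[1].trim());
        } catch (IllegalArgumentException e) {
            return null; // payload is not valid Base64
        }
        String decoded = new String(raw, StandardCharsets.UTF_8);
        int colon = decoded.indexOf(':'); // split on the FIRST colon: the password may contain ':'
        if (colon < 0) return null;
        return new Credentials(decoded.substring(0, colon),
                               decoded.substring(colon + 1).toCharArray());
    }

    public static void main(String[] args) {
        // Constructed sample input: "admin:s3cr:et" encoded as a Basic-auth client would send it.
        String sample = "Basic " + Base64.getEncoder()
                .encodeToString("admin:s3cr:et".getBytes(StandardCharsets.UTF_8));
        Credentials c = parse(sample);
        System.out.println("user=" + c.username + " passwordLength=" + c.password.length);
        Arrays.fill(c.password, '\0'); // wipe after use; never print or log the password itself
        System.out.println("other scheme rejected: " + (parse("Bearer abc.def") == null));
        System.out.println("bad Base64 rejected: " + (parse("Basic !!!") == null));
    }
}
```

Base64 is an encoding, not encryption, so the header value is as sensitive as the cleartext password: keep it out of `System.out` and server logs, and rely on the HTTPS transport shown in the request URL to protect it in transit.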
