[jboss-user] [JBossWS] - Propagate security context to second webservice call

yousuf.raza do-not-reply at jboss.com
Fri Oct 31 04:25:42 EDT 2008

I have configured a sample prototype application that deploys a WebService (EJB endpoint)  to JBoss 4.3 which is secured against my security domain using WS-Security (using UserNameToken.)

If the client provides the correct credentials the principal is set correctly. 

My question is if I want to make a second WebService call from the first one is there a way I can propagate the security context without having to provide some credential information like this:

((BindingProvider)webserviceApi).getRequestContext().put(BindingProvider.USERNAME_PROPERTY, WebServiceConstants.USERNAME);

((BindingProvider)webserviceApi).getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, WebServiceConstants.PASSWORD);

Basically what I have in mind is something where the subsequent webservice call automatically adds the required ws-security header fields in the next request. 

For eg. This would be similar to the case where if I were to make a call on a EJB from the webservice that was protected against the same security domain the container would handle the propagation of the security context. 

Here is the flow I am talking about if I wasn't clear enough:

Client --> 1st Webservice --> 2nd Webservice

There is some documentation about doing this if using acegi security(spring security) but I was wondering if Jbossws does this somehow.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4185922#4185922

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4185922

More information about the jboss-user mailing list