[jboss-user] [JBossWS] - Propagate security context to second webservice call
yousuf.raza
do-not-reply at jboss.com
Fri Oct 31 04:25:42 EDT 2008
I have configured a sample prototype application that deploys a WebService (EJB endpoint) to JBoss 4.3 which is secured against my security domain using WS-Security (using UserNameToken.)
If the client provides the correct credentials the principal is set correctly.
My question is if I want to make a second WebService call from the first one is there a way I can propagate the security context without having to provide some credential information like this:
((BindingProvider)webserviceApi).getRequestContext().put(BindingProvider.USERNAME_PROPERTY, WebServiceConstants.USERNAME);
((BindingProvider)webserviceApi).getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, WebServiceConstants.PASSWORD);
Basically what I have in mind is something where the subsequent webservice call automatically adds the required ws-security header fields in the next request.
For eg. This would be similar to the case where if I were to make a call on a EJB from the webservice that was protected against the same security domain the container would handle the propagation of the security context.
Here is the flow I am talking about if I wasn't clear enough:
Client --> 1st Webservice --> 2nd Webservice
There is some documentation about doing this if using acegi security(spring security) but I was wondering if Jbossws does this somehow.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4185922#4185922
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4185922
More information about the jboss-user
mailing list