From: "Kraus, Bernhard"
To: "'axis-user@ws.apache.org'"
Subject: Axis/EJB/Security
Date: Thu, 4 May 2006 14:23:45 +0200
Message-ID: <41EA24EC431CD411AA8200008385014F0B170DF9@mail1ex.fiz-karlsruhe.de>

Hi all,

I am using Axis (1.2) to expose a Stateless Session EJB (2.1) as a Webservice using the Axis EJBProvider on a JBoss (4.0.3) Application Server. The Webservices and EJB are the service layer of the application and the next layer (POJO framework) is the business layer.

The plan for the security framework is to handle the authorization using AOP before and after the business layer, but to avoid using username/password as a parameter in the business/service layer code.

I tried using the XML RPC security implementation on the client side:

    import javax.xml.rpc.Stub;

    Stub msg = (javax.xml.rpc.Stub) stub;
    msg._setProperty(Stub.USERNAME_PROPERTY, "username");
    msg._setProperty(Stub.PASSWORD_PROPERTY, "password");

The Axis framework EJBProvider fills in the user information, as described, from the msgContext. The implementation is similar to:

    ...
    props.put( Context.SECURITY_PRINCIPAL, msgContext.getUsername() );
    props.put( Context.SECURITY_CREDENTIALS, msgContext.getPassword() );
    InitialContext initialContext = new InitialContext( props );
    ...

When accessing the EJB, the user principal is "anonymous" (default JBoss setting). I debugged the EJBProvider and username/password is filled from the msgContext.

The problem is to provide the username/password from Axis to EJB. Now how can I access the Context in the EJB layer?

I implemented a LoginHandler (using: org.jboss.security.auth.spi.AbstractServerLoginModule) but the principal and credential are still "null" even here.

Is there any other option to access the information passed to EJB and write them e.g. to ThreadLocal to access them from the business logic?

Regards,
Bernhard
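
An added example, not part of the original message and not Axis or JBoss code: a minimal ThreadLocal identity holder of the kind the message asks about, showing why the value has to be cleared after every request when the container reuses worker threads. All class and method names are hypothetical, and it assumes that the code setting the caller and the business layer run on the same thread (an in-VM call).

```java
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

public class CallerContextDemo {
    // Holds only the authenticated principal name, never the password.
    private static final ThreadLocal<String> CALLER = new ThreadLocal<>();

    static String currentCaller() {
        String caller = CALLER.get();
        return caller == null ? "anonymous" : caller;
    }

    // Stand-in for the POJO business layer: no username/password parameter.
    static String businessMethod() {
        return "executed as " + currentCaller();
    }

    // Stand-in for the service-layer entry point of one request.
    static String handle(String user, boolean clearAfter) {
        if (user != null) {
            CALLER.set(user);
        }
        try {
            return businessMethod();
        } finally {
            if (clearAfter) {
                CALLER.remove(); // a pooled thread must not keep the identity
            }
        }
    }

    static String run(ExecutorService pool, String user, boolean clearAfter) throws Exception {
        Callable<String> request = () -> handle(user, clearAfter);
        return pool.submit(request).get();
    }

    public static void main(String[] args) throws Exception {
        // One worker thread, so consecutive requests reuse it as a container pool would.
        ExecutorService pool = Executors.newSingleThreadExecutor();
        try {
            System.out.println(run(pool, "alice", false)); // sets the caller, no cleanup
            System.out.println(run(pool, null, false));    // unauthenticated, inherits stale caller
            System.out.println(run(pool, "alice", true));  // sets the caller, cleans up
            System.out.println(run(pool, null, true));     // unauthenticated, sees no caller
        } finally {
            pool.shutdown();
        }
    }
}
```

The second request shows the failure mode: without the `remove()` in `finally`, an unauthenticated call on a reused thread runs under the previous caller's identity.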