cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Glen Mazza (JIRA)" <>
Subject [jira] Commented: (CXF-1680) Map ws-security principals into WebServiceContext.getUserPrincipal() call
Date Wed, 02 Jul 2008 17:55:45 GMT


Glen Mazza commented on CXF-1680:

I think the fact that isUserInRole() is not relevant for WS-Security would imply that its
sibling method getUserPrincipal() was not intended to be used with tokens, but with just transport-layer
Basic Auth usernames.  Granted, the definition of gUP() is quite vague though.  Still, it
would appear to be suboptimal to have getUserPrincipal() to be flipping between two meanings,
because users are never going to know what they're getting.

Within a SEI/SIB/Provider interface, isn't there already a generic method for slurping soap
header values (whether WS-addressing, WS-RM, WS-security-related or whatever) that can be
relied upon here instead?  Nice and portable across any JAX-WS implementation, and whatever
security concerns there are (i.e., in certain cases soap header values are slurpable, in certain
cases not) would be already handled by the web service stack's general SOAP header slurping
architecture.  Just a thought.

(As for the answer to your question, "no"[1], but that's another issue...  ;-)



> Map ws-security principals into WebServiceContext.getUserPrincipal() call
> -------------------------------------------------------------------------
>                 Key: CXF-1680
>                 URL:
>             Project: CXF
>          Issue Type: Improvement
>            Reporter: Daniel Kulp
>            Assignee: Daniel Kulp
>             Fix For: 2.1.2, 2.0.8
> When using ws-security x509 or username token profiles, the Principal objects should
be retrievable via the WebServiceContext.getUserPrincipal() call.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message