2 Replies Latest reply on Nov 18, 2011 8:18 AM by slopez01

Web Service (non-ejb) and retrieval of user identity

slopez01 Nov 12, 2011 5:10 PM

Great product!! I got this tool up and running in just a couple of days. I'm able to perform authorization and authentication using the STS against a web service. The token comes across, properly allows/denies access and I can see SAML2Handler doing it's job. Unfortunately when I grab the web service context and try to get the principal it returns null.

Most of the information on the internet is for EJB, has anyone been able to get the subject using just a WAR?

Everything is perfect except for this one issue.

Thanks in advance.

Scott

1. Re: Web Service (non-ejb) and retrieval of user identity

anil.saldhana Nov 17, 2011 12:04 PM (in response to slopez01)

If you are talking about POJO based WS, then instead of SAML2Handler, you need a combination of the WSAuthenticationHandler and WSAuthorizationHandler
https://docs.jboss.org/author/display/PLINK/PicketLink+JBoss+Web+Services+Handlers
Actions
2. Re: Web Service (non-ejb) and retrieval of user identity

slopez01 Nov 18, 2011 8:18 AM (in response to anil.saldhana)

Thanks, I had both the WSAuthenticationHandler and the WSAuthorizationHandler configured. I was having issues getting the userid out of the information. asking for the principal from the web service context produced a null result.

I was able to grab the user id by calling the SecurityAssociation class which stores the user information and groups.

Thanks
Actions

Go to original post