[
https://issues.apache.org/jira/browse/CXF-1680?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12609982#action_12609982
]
Daniel Kulp commented on CXF-1680:
----------------------------------
For the most part right now, I just return false from isUserInRole() since
ws-security doesn't have any concept of the roles. That's going to be a nasty
little thing to deal with.
Regarding the "return null" thing: if authentication fails, doesn't
ws-security/wss4j throw a fault and the impl never gets called anyway?
The precedence thing between basic auth and ws-sec is a good question. Not
sure what the right answer is there. Hmmm...
> Map ws-security principals into WebServiceContext.getUserPrincipal() call
> -------------------------------------------------------------------------
>
> Key: CXF-1680
> URL: https://issues.apache.org/jira/browse/CXF-1680
> Project: CXF
> Issue Type: Improvement
> Reporter: Daniel Kulp
> Assignee: Daniel Kulp
> Fix For: 2.1.2, 2.0.8
>
>
> When using ws-security x509 or username token profiles, the Principal objects
> should be retrievable via the WebServiceContext.getUserPrincipal() call.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
