Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

Login credidentials and HandlerChain problem

Former Member
0 Kudos

hi, i have a problem with getting user who call a web service and logging soap message together.

i was getting a user with this code:

Logger log = LoggerFactory.getLogger("");
String login = "";
IUser user = UMFactory.getAuthenticator().getLoggedInUser();
login = user.getUniqueName();
log.info(login);

this code working with no problem when the basic http authentication was set.

problem begins with adding handlerChain annotation to web service class.

@HandlerChain(file = "LogMessage_handler.xml")

when i comment this annotation getting user working perfectly, but when the logging soap messages is turned on, web service is getting "guest" as user and http authentication is not working witch is the major problem because the webservice is available on internet. i want to logging inbount soap requests. but the no authentication is inadmissible.

can anyone help me?

4 REPLIES 4

martin_voros
Active Contributor
0 Kudos

Hi,

what do you have in that XML file?

Cheers

Former Member
0 Kudos

I'm sorry. The XML file LogMessage_handler.xml

<?xml version="1.0" encoding="UTF-8"?>
<handler-chains xmlns="http://java.sun.com/xml/ns/javaee">
  <handler-chain>
    <handler>
      <handler-name>sk.zsr.zt.supis.extern.LogMessageHandler</handler-name>
      <handler-class>sk.zsr.zt.supis.extern.LogMessageHandler</handler-class>
    </handler>
  </handler-chain>
</handler-chains>

and LogMessageHandler.java

...
public class LogMessageHandler implements SOAPHandler<SOAPMessageContext> {

	public boolean handleMessage(SOAPMessageContext messageContext) {
		log(messageContext);
		return true;
	}

	@SuppressWarnings("unchecked")
	public Set<QName> getHeaders() {
		return Collections.EMPTY_SET;
	}

	public boolean handleFault(SOAPMessageContext messageContext) {
		return true;
	}

	public void close(MessageContext context) {
	}

	private void log(SOAPMessageContext messageContext) {
		SOAPMessage msg = messageContext.getMessage(); 
		Logger log = LoggerFactory.getLogger("SOAP");
		try {
			ByteArrayOutputStream out = new ByteArrayOutputStream();
			msg.writeTo(out);
			log.info(out.toString());
			
		} catch (SOAPException ex) {
			log.error(ex.getLocalizedMessage());
		} catch (IOException ex) {
			log.error(ex.getLocalizedMessage());
		}
	}
...

0 Kudos

Hi,

don't take me too seriously cause I have almost no knowledge of writing web services in Java but I don't like your implementation of method getHeaders. Should you use return Collections.emptySet(); for getting type safety. If that does not help then I would try to comment out whole code and try to figure out what's the cause of issue.

Cheers

Former Member
0 Kudos

this sounds like a good idea, but when i comment whole method, the implementation of SOAPHandler<SOAPMessageContext> gives me an error with implementation of inherited abstract method getHeaders().

changing to emptySet() have a no effect in web service behaviour.

i'm able to get http authorization header like :

Authorization:Basic Og==

then i think the emptySet() do not solve my problem. i was tried to paste check username code just behind the code which is getting the authorization header, but no effect. still getting "guest".

...and the request with no authorization header can still invoke the web service.