Thursday, September 21, 2006

Accessing User Principal in a Web Service

WS-Security provides a standard way to secure Web Services. Because it is based on SOAP, it is agnostic of the stack you are using. When you use a JAX-RPC implementation, you are running in a J2EE container. In this post I give a tip for accessing the Principal object.

I have a service, and I need to access some user information in its implementation class (org.tug.ws.sample.SimpleServiceImpl). This service is secured with WS-Security, for example with simple authentication; the following screenshot shows the configuration of inbound security in OracleAS 10gR3:

[Screenshot: em-ws-sec-001, inbound security configuration in OracleAS 10gR3]


So the service is secured. Here is the code that you have to add to your service implementation (or handlers) to access the Principal object.

  1. Implement javax.xml.rpc.server.ServiceLifecycle.
  2. Implement the init(Object context) method to access the ServletEndpointContext, which you can, for example, keep as a member of your implementation class.

        public void init(Object context) {
            // The container passes the endpoint context for this instance
            _servletContext = (ServletEndpointContext) context;
        }

  3. Then you can access the principal object using the getUserPrincipal() method:

            ...
            // Returns null when no authenticated user is associated with the call
            Principal userPrincipal = _servletContext.getUserPrincipal();
            if (userPrincipal != null) {
                ...
            }
            ...
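
The three steps above assembled into one implementation class, as an added example that is not code from the original post. The `whoAmI` operation, the `sample-user` role name and the use of `SecurityException` to reject a call are assumptions made for illustration, and the role check assumes the container maps the authenticated user to J2EE roles; the service endpoint interface is omitted.

```java
package org.tug.ws.sample;

import java.security.Principal;
import javax.xml.rpc.ServiceException;
import javax.xml.rpc.server.ServiceLifecycle;
import javax.xml.rpc.server.ServletEndpointContext;

public class SimpleServiceImpl implements ServiceLifecycle {

    // Hypothetical role name; it has to match a role declared for the module.
    private static final String REQUIRED_ROLE = "sample-user";

    // Endpoint context handed over by the container in init().
    private ServletEndpointContext endpointContext;

    public void init(Object context) throws ServiceException {
        // Report a clear error if the container passes another context type.
        if (!(context instanceof ServletEndpointContext)) {
            throw new ServiceException("Expected a ServletEndpointContext");
        }
        endpointContext = (ServletEndpointContext) context;
    }

    public void destroy() {
        endpointContext = null;
    }

    // Hypothetical operation: returns the name of the authenticated caller.
    public String whoAmI() {
        return requireCaller().getName();
    }

    // Look the principal up on every invocation. It belongs to the current
    // call, so it must not be cached in a field of the endpoint instance.
    private Principal requireCaller() {
        Principal caller = endpointContext.getUserPrincipal();
        if (caller == null) {
            // No authenticated user: refuse instead of continuing anonymously.
            throw new SecurityException("Caller is not authenticated");
        }
        if (!endpointContext.isUserInRole(REQUIRED_ROLE)) {
            throw new SecurityException("Caller lacks role " + REQUIRED_ROLE);
        }
        return caller;
    }
}
```

Keeping the context in a field is fine because the container resolves `getUserPrincipal()` against the current invocation; storing the returned `Principal` in a field would leak one caller's identity into another caller's request.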
     
You can find more information about security in J2EE 1.4 Web Services in the Designing Web Services with the J2EE 1.4 Platform tutorial.
Update on Wednesday, October 4th: Frank Nimphius has used this entry to create a more detailed article about End to End Security with Web Services Security.

Tuesday, September 19, 2006

Choose a scripting language? Groovy or JRuby?

Last week I discussed dynamic languages with some consultants. This discussion took place in the context of integrating scripting technologies into a Java EE environment. So the integration with the VM is important; I also think that the learning curve is a thing to consider.

It is true that, like any developer, I like to learn things every day; this is why I have done some development with PHP, with Ruby on Rails, and obviously with Groovy, JavaScript and many other dynamic languages.

The discussion moved quickly to an argument about which language is the best... Hard to say, but I would expect that, to be more productive in the enterprise, it is better to use a "Java-like" syntax that allows you to leverage the power of scripts. Based on this comment, it is for me a no-brainer to say that Groovy is more interesting to a core Java developer than JRuby (or others such as Jython, Jacl, ...). I do not even want to go into the details about VM integration, performance and so on...

So in this context, A. Sundararajan has posted a very interesting comparison of Java, Groovy and JRuby syntaxes.