Custom Credential Processing

You might need to customize credentials processing; for instance, if you want to obtain or validate credentials externally before passing them to the receiver for authentication.

By default, IBM Cúram Social Program Management web services are built to expect the client to provide credentials via a custom SOAP header and these credentials are then used in invoking the service class operation. The default processing flow is:

Unless curamWSClientMustAuthenticate is set to false in the services.xml descriptor for the service, the SOAP message is checked for a header and if present these credentials are used. If the SOAP header is not present then the invocation of the service fails.
If curamWSClientMustAuthenticate is set to false the services.xml jndiUser and jndiPassword parameters are used.
If there are no jndiUser and jndiPassword parameters specified in the services.xml descriptor file, default credentials are used.
However, there is no security data generated for web services, so the defaults credentials on their own won't be adequate to enable access to the service (see Providing Security Data for Web Services for information on providing this data).

If you require your own credential processing you must code your own getAxis2Credentials(MessageContext) method, extending curam.util.connectors.axis2.CuramMessageReceiver, to provide these parameters. This method takes a MessageContext object as an input parameter and returns a java.util.Properties object containing the Axis2 parameter name and value. For example:

Figure 1. Sample getAxis2Credentials Method

public Properties getAxis2Credentials(
      final MessageContext messageContextIn) {

      final Properties loginCredentials = new Properties();

      String sUser = null;
      String sPassword = null;

      <Your processing here...>

      if (sUser != null) {
        loginCredentials.put(
org.apache.axis2.rpc.receivers.ejb.EJBUtil.EJB_JNDI_USERNAME,
          sUser);
      }

      if (sPassword != null) {
        loginCredentials.put(
org.apache.axis2.rpc.receivers.ejb.EJBUtil.EJB_JNDI_PASSWORD,
          sPassword);
      }

      return loginCredentials;
    }

See Building Custom Receiver Code on how to specify and build this custom class for this method.

Optionally, you can use the runtime properties curam.security.credentials.ws.username and curam.security.credentials.ws.password (encrypted) to specify default web services credentials. This may not be appropriate in a secure production environment; but, could be a useful convenience, for instance, in development for simulating functionality that would ultimately be provided by an external security system. See the Cúram Server Developer's Guide for more information on encrypted passwords.