You might need to customize credentials processing; for instance, if you want to obtain or validate credentials externally before passing them to the receiver for authentication.
By default, IBM Cúram Social Program Management web services are built to expect the client to provide credentials via a custom SOAP header and these credentials are then used in invoking the service class operation. The default processing flow is:
However, there is no security data generated for web services, so the defaults credentials on their own won't be adequate to enable access to the service (see Providing Security Data for Web Services for information on providing this data).
If you require your own credential processing you must code your own getAxis2Credentials(MessageContext) method, extending curam.util.connectors.axis2.CuramMessageReceiver, to provide these parameters. This method takes a MessageContext object as an input parameter and returns a java.util.Properties object containing the Axis2 parameter name and value. For example:
public Properties getAxis2Credentials( final MessageContext messageContextIn) { final Properties loginCredentials = new Properties(); String sUser = null; String sPassword = null; <Your processing here...> if (sUser != null) { loginCredentials.put( org.apache.axis2.rpc.receivers.ejb.EJBUtil.EJB_JNDI_USERNAME, sUser); } if (sPassword != null) { loginCredentials.put( org.apache.axis2.rpc.receivers.ejb.EJBUtil.EJB_JNDI_PASSWORD, sPassword); } return loginCredentials; }
See Building Custom Receiver Code on how to specify and build this custom class for this method.
Optionally, you can use the runtime properties curam.security.credentials.ws.username and curam.security.credentials.ws.password (encrypted) to specify default web services credentials. This may not be appropriate in a secure production environment; but, could be a useful convenience, for instance, in development for simulating functionality that would ultimately be provided by an external security system. See the Cúram Server Developer's Guide for more information on encrypted passwords.