java, cxf, apache-camel, ws-security

How do you store the requestor's identity when using WSSecurityPolicy with CXF CallbackHandlers?


When using a CallbackHandler (implemented from javax.security.auth.callback.CallbackHandler) to authenticate the UsernameToken, how can you store the identity of the requestor for later use?

My use case is user A requests method1 and receives data specific to User A. User B requests method1 and receives data specific to User B.

I'm using Camel to process the request before returning the response, but I need to be able to keep track of who the requester was.


Solution

  • You should be able to look up the subject by using the key of Exchange.AUTHENTICATION. The code below shows how Camel stores the UserPrincipal from the CXF message in the Camel message header.

        // propagate the security subject from CXF security context
        SecurityContext securityContext = cxfMessage.get(SecurityContext.class);
        if (securityContext != null && securityContext.getUserPrincipal() != null) {
            Subject subject = new Subject();
            subject.getPrincipals().add(securityContext.getUserPrincipal());
            camelExchange.getIn().getHeaders().put(Exchange.AUTHENTICATION, subject);
        }
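To consume that header later in the route, a processor can read the Subject back and derive the caller name from it. The following is an added example, not part of the original answer or of Camel's code base; the class name, the `callerName` property and the endpoint name in the usage comment are assumptions made for illustration.

```java
import java.security.Principal;
import java.util.Set;
import javax.security.auth.Subject;

import org.apache.camel.Exchange;
import org.apache.camel.Processor;

/** Reads the authenticated caller that the CXF consumer placed on the exchange. */
public class CallerIdentityProcessor implements Processor {

    // Hypothetical property name chosen for this example; not a Camel constant.
    public static final String CALLER_NAME = "callerName";

    @Override
    public void process(Exchange exchange) throws Exception {
        // Take the identity only from the header populated from the CXF
        // security context, never from a user name carried in the payload.
        Subject subject = exchange.getIn().getHeader(Exchange.AUTHENTICATION, Subject.class);

        // Fail closed: without an authenticated subject no per-user data is served.
        if (subject == null) {
            throw new SecurityException("No authenticated subject on exchange");
        }
        Set<Principal> principals = subject.getPrincipals();
        if (principals.isEmpty()) {
            throw new SecurityException("Authenticated subject carries no principal");
        }

        // The binding code shown above adds a single principal to the Subject.
        String caller = principals.iterator().next().getName();
        if (caller == null || caller.trim().isEmpty()) {
            throw new SecurityException("Principal has no usable name");
        }

        // Keep the name as an exchange property: properties stay inside the
        // route, while headers may be copied onto outgoing messages.
        exchange.setProperty(CALLER_NAME, caller);
    }
}

// Usage inside a RouteBuilder.configure() (endpoint and bean names are assumptions):
//   from("cxf:bean:method1Endpoint")
//       .process(new CallerIdentityProcessor())
//       .bean(dataService, "loadFor(${exchangeProperty.callerName})");
```

Later steps can then scope their lookups to `exchangeProperty.callerName`, so User A and User B each receive only their own data from the same operation.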