cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daniel Kulp (JIRA)" <j...@apache.org>
Subject [jira] Commented: (CXF-2311) client can't be used with different ws security users
Date Mon, 29 Jun 2009 20:17:47 GMT

    [ https://issues.apache.org/jira/browse/CXF-2311?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12725327#action_12725327
] 

Daniel Kulp commented on CXF-2311:
----------------------------------


Are you sure this doesn't already work?  At least with 2.2.2?

Looking at that code, for everything OTHER than the Action and Actor, it seems to check the
msg context for any properties.    Thus, just doing something like:

((BindingProvider)client).getRequestContext().put(WSHandlerConstants.USER, "joe");

 and similar should work.



> client can't be used with different ws security users
> -----------------------------------------------------
>
>                 Key: CXF-2311
>                 URL: https://issues.apache.org/jira/browse/CXF-2311
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 2.2.1, 2.2.2
>         Environment: webservice client
> ws-security authentication
> stateless session bean in an application server (JBoss)
>            Reporter: Sven Reinhardt
>            Priority: Blocker
>   Original Estimate: 240h
>  Remaining Estimate: 240h
>
> - in a managed environment such as an application server it is impossible to use a generated
webservice client with ws-security authentication with different users 
> - the client seems to be a singleton and the WSS4JOutInterceptor is attached to the client,
so it can't be changed for a single request without changing it for other callers
> - so the current implementation adds a kind of state to the client which the webservice
dosn't have
> - there is no real request context for a single request to submit the ws-security credentials
to a potential context sensitive security interceptor
> -creating a client for everey request, after removing the client from the factory
>   <code>
>   jaxWsProxyFactoryBean.getClientFactoryBean().setClient(null);
>   jaxWsProxyFactoryBean.create();
>   </code>
> results in a heavy memory loss
> -possible solution: create a by request context and add to generated clients, create
a context sensitive ws-security interceptor 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message