cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daniel Kulp (JIRA)" <j...@apache.org>
Subject [jira] Resolved: (CXF-2311) client can't be used with different ws security users
Date Fri, 16 Oct 2009 20:01:31 GMT

     [ https://issues.apache.org/jira/browse/CXF-2311?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Daniel Kulp resolved CXF-2311.
------------------------------

       Resolution: Fixed
    Fix Version/s: 2.2.5
         Assignee: Daniel Kulp

> client can't be used with different ws security users
> -----------------------------------------------------
>
>                 Key: CXF-2311
>                 URL: https://issues.apache.org/jira/browse/CXF-2311
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 2.2.1, 2.2.2
>         Environment: webservice client
> ws-security authentication
> stateless session bean in an application server (JBoss)
>            Reporter: Sven Reinhardt
>            Assignee: Daniel Kulp
>            Priority: Blocker
>             Fix For: 2.2.5
>
>   Original Estimate: 240h
>  Remaining Estimate: 240h
>
> - in a managed environment such as an application server it is impossible to use a generated
webservice client with ws-security authentication with different users 
> - the client seems to be a singleton and the WSS4JOutInterceptor is attached to the client,
so it can't be changed for a single request without changing it for other callers
> - so the current implementation adds a kind of state to the client which the webservice
dosn't have
> - there is no real request context for a single request to submit the ws-security credentials
to a potential context sensitive security interceptor
> -creating a client for everey request, after removing the client from the factory
>   <code>
>   jaxWsProxyFactoryBean.getClientFactoryBean().setClient(null);
>   jaxWsProxyFactoryBean.create();
>   </code>
> results in a heavy memory loss
> -possible solution: create a by request context and add to generated clients, create
a context sensitive ws-security interceptor 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message