cxf-issues mailing list archives

From "Alessio Soldano (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CXF-4052) Crypto cache issues and the PolicyBasedWSS4JInInterceptor used as a singleton
Date Thu, 26 Jan 2012 15:36:38 GMT

    [ https://issues.apache.org/jira/browse/CXF-4052?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13193908#comment-13193908 ]

Alessio Soldano commented on CXF-4052:
--------------------------------------

Hi Colm,
thanks for having worked on this. Unfortunately, I think the patch is not enough to solve
the issue. AFAICS, AbstractWSS4JInterceptor::loadCrypto(...) still first tries looking up
the Crypto using the refId that comes from the requestData message context ("RefId-bob.properties"
in my case). I think that is set in PolicyBasedWSS4JInInterceptor::computeAction(...) when
using WS-Policy.
                
> Crypto cache issues and the PolicyBasedWSS4JInInterceptor used as a singleton
> -----------------------------------------------------------------------------
>
>                 Key: CXF-4052
>                 URL: https://issues.apache.org/jira/browse/CXF-4052
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 2.4.5
>         Environment: JBossWS-CXF integration, using Apache CXF 2.4.x
>            Reporter: Alessio Soldano
>            Assignee: Colm O hEigeartaigh
>         Attachments: cxf-4052.patch
>
>
> When using WS-Policy to set up WS-Security interceptors, the WSSecurityInterceptorProvider
> runs:
> {code}
> ...
> this.getInInterceptors().add(PolicyBasedWSS4JInInterceptor.INSTANCE);
> this.getInFaultInterceptors().add(PolicyBasedWSS4JInInterceptor.INSTANCE);
> ...
> {code}
> which causes the same instance of PolicyBasedWSS4JInInterceptor to be added to any bus.
> Unfortunately, the PolicyBasedWSS4JInInterceptor ends up extending org.apache.ws.security.handler.WSHandler
> which has a Map<String, Crypto> attribute. That is used whenever loading a Crypto instance
> and caches instances with keys basically given by the Merlin prop file name the user specified
> for the endpoint.
> So, when having multiple deployments referencing properties files with the same name,
> the first crypto instance is always used.
> If we want to keep the singleton approach on using the PolicyBasedWSS4JInInterceptor,
> we should probably at least use a different mechanism for creating keys so that prop files
> from different deployments are kept separate.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
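
The cache collision described in the issue, as an added example that is not part of the original message and is not CXF or WSS4J code: a cache shared through a singleton and keyed only by properties file name hands the first deployment's crypto to every later deployment, while a key scoped by deployment keeps them apart. `FakeCrypto`, `ScopedKey`, the deployment ids and both lookup methods are hypothetical names used only for illustration.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class CryptoCacheKeyDemo {
    // Hypothetical stand-in for a loaded Crypto: records whose keystore backs it.
    record FakeCrypto(String keystoreOwner) {}

    // Hypothetical composite key: the properties file name scoped by deployment.
    // Assumption: a string id is used here; a container could use the
    // deployment's class loader as the scope instead.
    record ScopedKey(String deploymentId, String propFile) {}

    // Both maps are static, so they are shared by every deployment, as the
    // cache held by a singleton interceptor would be.
    static final Map<String, FakeCrypto> byName = new ConcurrentHashMap<>();
    static final Map<ScopedKey, FakeCrypto> byScope = new ConcurrentHashMap<>();

    // Flawed lookup: the key is only the properties file name, so the first
    // deployment to load "bob.properties" wins for everyone.
    static FakeCrypto loadByName(String deploymentId, String propFile) {
        return byName.computeIfAbsent(propFile, k -> new FakeCrypto(deploymentId));
    }

    // Scoped lookup: the same file name in another deployment is a new entry.
    static FakeCrypto loadScoped(String deploymentId, String propFile) {
        return byScope.computeIfAbsent(new ScopedKey(deploymentId, propFile),
                k -> new FakeCrypto(k.deploymentId()));
    }

    public static void main(String[] args) {
        String prop = "bob.properties"; // same file name in both deployments

        loadByName("app-A", prop);
        FakeCrypto shared = loadByName("app-B", prop);
        System.out.println("name-keyed:  app-B uses keystore of " + shared.keystoreOwner());

        loadScoped("app-A", prop);
        FakeCrypto own = loadScoped("app-B", prop);
        System.out.println("scope-keyed: app-B uses keystore of " + own.keystoreOwner());
    }
}
```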

        
