cxf-issues mailing list archives

From "Xiaoshu Wang (JIRA)" <j...@apache.org>
Subject [jira] [Created] (CXF-6036) Multiple UsernameToken
Date Tue, 07 Oct 2014 14:31:33 GMT
Xiaoshu Wang created CXF-6036:
---------------------------------

             Summary: Multiple UsernameToken
                 Key: CXF-6036
                 URL: https://issues.apache.org/jira/browse/CXF-6036
             Project: CXF
          Issue Type: Bug
          Components: JAX-WS Runtime
    Affects Versions: 2.7.11
            Reporter: Xiaoshu Wang


Hi, I encountered a strange (bad as well) behavior using Apache CXF. Here is the code that
creates the client.

	@Override
	public SearchRetrieveBasePerson getSearchClient() {
		SearchRetrieveBasePerson searchClient = getSearchService()
			.getSearchRetrieveBasePersonPort();

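		// Assumption: the posted snippet never declares `client`; ClientProxy.getClient()
		// (org.apache.cxf.frontend.ClientProxy) is the usual way to get the CXF Client of a proxy.
		Client client = ClientProxy.getClient(searchClient);
		HTTPConduit http = (HTTPConduit) client.getConduit();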

		HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
		httpClientPolicy.setConnectionTimeout(1 * 90 * 1000);
		httpClientPolicy.setAllowChunking(false);
		httpClientPolicy.setReceiveTimeout(3 * 60 * 1000);

		http.setClient(httpClientPolicy);
		BindingProvider bp = (BindingProvider) searchClient;
		bp.getRequestContext().put("thread.local.request.context", "true");
		bp.getRequestContext().put("use.async.http.conduit", Boolean.FALSE);
		bp.getRequestContext().put("ws-security.username", getUsername());
		bp.getRequestContext().put("ws-security.password", getPassword());

		List headers = new ArrayList();
		Header auditingHeader;
		try {
			auditingHeader = new Header(new QName(
				"http://its.unc.edu/uncaudit", "UNCAuditHeader"),
				getAuditHeader(), new JAXBDataBinding(UNCAuditHeader.class));
			headers.add(auditingHeader);
			bp.getRequestContext().put(Header.HEADER_LIST, headers);
		} catch (JAXBException e) {
			throw new RuntimeException(new PersonSvcClientException(
				"Unable to create UNCAuditHeader", e));
		}
		bp.getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
			getSearchSoapAddress());
		return searchClient;
	}

Note: getSearchService() returns a singleton of the CXF-generated WebServiceClient.

If I cache the returned client and use it for the subsequent requests, i.e., use it as
a singleton, each request adds an additional UsernameToken to the request. Here is the SOAP
request on the 4th request. As you can see, there are four UsernameToken elements added to the
Security header. I wonder if this is a bug or if I have done something improperly?

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
	<soap:Header>
		<OrgAuditHeader xmlns="http://my.org/audit">
			<clientIP>0.0.0.0</clientIP>
			<requestedByUser>foo</requestedByUser>
			<requestedBySystem>BAR</requestedBySystem>
		</OrgAuditHeader>
		<wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
			<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="UsernameToken-331E565D0DAEB3B94B14126847092141">
				<wsse:Username>SomeUserName</wsse:Username>
				<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">SomePassword</wsse:Password>
			</wsse:UsernameToken>
			<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="UsernameToken-331E565D0DAEB3B94B14126847116982">
				<wsse:Username>SomeUserName</wsse:Username>
				<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">SomePassword</wsse:Password>
			</wsse:UsernameToken>
			<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="UsernameToken-331E565D0DAEB3B94B14126847116983">
				<wsse:Username>SomeUserName</wsse:Username>
				<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">SomePassword</wsse:Password>
			</wsse:UsernameToken>
			<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="UsernameToken-331E565D0DAEB3B94B14126847116984">
				<wsse:Username>SomeUserName</wsse:Username>
				<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">SomePassword</wsse:Password>
			</wsse:UsernameToken>
		</wsse:Security>
	</soap:Header>
	<soap:Body>
		<searchRetrieveBasePersonProcessRequest xmlns="http://my.org/common/Person/searchRetrieveBasePerson"
xmlns:ns2="http://my.org/common/Person/core/1.6" xmlns:ns3="http://my.org/common/Person/fault"
xmlns:ns4="http://my.org/audit">
			<PID>1234567</PID>
		</searchRetrieveBasePersonProcessRequest>
	</soap:Body>
</soap:Envelope>



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
