cxf-issues mailing list archives

From "Colm O hEigeartaigh (JIRA)" <j...@apache.org>
Subject [jira] [Closed] (CXF-6036) Multiple UsernameToken
Date Tue, 28 Mar 2017 07:10:41 GMT

     [ https://issues.apache.org/jira/browse/CXF-6036?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh closed CXF-6036.
------------------------------------
    Resolution: Not A Problem

See Dan's comment.

> Multiple UsernameToken
> ----------------------
>
>                 Key: CXF-6036
>                 URL: https://issues.apache.org/jira/browse/CXF-6036
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-WS Runtime
>    Affects Versions: 2.7.11
>            Reporter: Xiaoshu Wang
>
> Hi, I encountered a strange (bad as well) behavior using Apache CXF. Here is the code that creates the client.
> 	@Override
> 	public SearchRetrieveBasePerson getSearchClient() {
> 		SearchRetrieveBasePerson searchClient = getSearchService()
> 			.getSearchRetrieveBasePersonPort();
> 		HTTPConduit http = (HTTPConduit) client.getConduit();
> 		HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
> 		httpClientPolicy.setConnectionTimeout(1 * 90 * 1000);
> 		httpClientPolicy.setAllowChunking(false);
> 		httpClientPolicy.setReceiveTimeout(3 * 60 * 1000);
> 		http.setClient(httpClientPolicy);
> 		BindingProvider bp = (BindingProvider) searchClient;
> 		bp.getRequestContext().put("thread.local.request.context", "true");
> 		bp.getRequestContext().put("use.async.http.conduit", Boolean.FALSE);
> 		bp.getRequestContext().put("ws-security.username", getUsername());
> 		bp.getRequestContext().put("ws-security.password", getPassword());
> 		List headers = new ArrayList();
> 		Header auditingHeader;
> 		try {
> 			auditingHeader = new Header(new QName(
> 				"http://its.unc.edu/uncaudit", "UNCAuditHeader"),
> 				getAuditHeader(), new JAXBDataBinding(UNCAuditHeader.class));
> 			headers.add(auditingHeader);
> 			bp.getRequestContext().put(Header.HEADER_LIST, headers);
> 		} catch (JAXBException e) {
> 			throw new RuntimeException(new PersonSvcClientException(
> 				"Unable to create UNCAuditHeader", e));
> 		}
> 		bp.getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
> 			getSearchSoapAddress());
> 		return searchClient;
> 	}
> Note: getSearchService() returns a singleton of the CXF-generated WebServiceClient.
> If I cache the returned client and use it for the subsequent requests, i.e., use it as a singleton, each request adds an additional UsernameToken to the request. Here is the SOAP request on the 4th request. As you can see, there are four UsernameTokens added to the Security header. I wonder if this is a bug or if I have done something improperly?
> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
> 	<soap:Header>
> 		<OrgAuditHeader xmlns="http://my.org/audit">
> 			<clientIP>0.0.0.0</clientIP>
> 			<requestedByUser>foo</requestedByUser>
> 			<requestedBySystem>BAR</requestedBySystem>
> 		</OrgAuditHeader>
> 		<wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
> 			<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-331E565D0DAEB3B94B14126847092141">
> 				<wsse:Username>SomeUserName</wsse:Username>
> 				<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">SomePassword</wsse:Password>
> 			</wsse:UsernameToken>
> 			<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-331E565D0DAEB3B94B14126847116982">
> 				<wsse:Username>SomeUserName</wsse:Username>
> 				<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">SomePassword</wsse:Password>
> 			</wsse:UsernameToken>
> 			<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-331E565D0DAEB3B94B14126847116983">
> 				<wsse:Username>SomeUserName</wsse:Username>
> 				<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">SomePassword</wsse:Password>
> 			</wsse:UsernameToken>
> 			<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-331E565D0DAEB3B94B14126847116984">
> 				<wsse:Username>SomeUserName</wsse:Username>
> 				<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">SomePassword</wsse:Password>
> 			</wsse:UsernameToken>
> 		</wsse:Security>
> 	</soap:Header>
> 	<soap:Body>
> 		<searchRetrieveBasePersonProcessRequest xmlns="http://my.org/common/Person/searchRetrieveBasePerson" xmlns:ns2="http://my.org/common/Person/core/1.6" xmlns:ns3="http://my.org/common/Person/fault" xmlns:ns4="http://my.org/audit">
> 			<PID>1234567</PID>
> 		</searchRetrieveBasePersonProcessRequest>
> 	</soap:Body>
> </soap:Envelope>



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
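
A check that a client test suite could run over a captured outgoing request to catch the symptom reported above, where each reuse of the cached client adds another UsernameToken (and another copy of the PasswordText password) to the Security header. This is an added example, not code from the issue or from CXF; the class name UsernameTokenCheck, the method usernameTokenIds and the sample envelope are constructed for illustration, and only the JDK's DOM parser is used.

```java
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class UsernameTokenCheck {  // hypothetical helper, not part of CXF
    static final String WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";

    /** Returns the wsu:Id of every UsernameToken found inside any wsse:Security header. */
    static List<String> usernameTokenIds(String envelope) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        // Captured messages are untrusted input: refuse DTDs so the check itself is not open to XXE.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder().parse(new InputSource(new StringReader(envelope)));
        List<String> ids = new ArrayList<>();
        NodeList headers = doc.getElementsByTagNameNS(WSSE, "Security");
        for (int i = 0; i < headers.getLength(); i++) {
            NodeList tokens = ((Element) headers.item(i)).getElementsByTagNameNS(WSSE, "UsernameToken");
            for (int j = 0; j < tokens.getLength(); j++) {
                ids.add(((Element) tokens.item(j)).getAttributeNS(WSU, "Id"));
            }
        }
        return ids;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: same shape as the reported request, with placeholder Ids and credentials.
        StringBuilder tokens = new StringBuilder();
        for (int n = 1; n <= 4; n++) {
            tokens.append("<wsse:UsernameToken xmlns:wsu=\"").append(WSU)
                  .append("\" wsu:Id=\"UsernameToken-").append(n).append("\">")
                  .append("<wsse:Username>SomeUserName</wsse:Username>")
                  .append("<wsse:Password>SomePassword</wsse:Password></wsse:UsernameToken>");
        }
        String envelope = "<soap:Envelope xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\"><soap:Header>"
            + "<wsse:Security xmlns:wsse=\"" + WSSE + "\">" + tokens + "</wsse:Security>"
            + "</soap:Header><soap:Body/></soap:Envelope>";
        List<String> ids = usernameTokenIds(envelope);
        if (ids.size() != 1) {  // a well-formed request from this client carries exactly one token
            System.out.println("Expected 1 UsernameToken, found " + ids.size() + ": " + ids);
        }
    }
}
```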
