cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Will Gomes <wgo...@umd.edu>
Subject Re: CXF Proxy and WS-Security
Date Wed, 27 Feb 2008 17:34:52 GMT

Daniel Kulp wrote:
> On Tuesday 26 February 2008, Will Gomes wrote:
>   
>> Is it possible with CXF to use single Proxy and be able to set the
>> user for UsernameToken before each invocation and be thread safe? All
>> examples I've seen so far sets the user on the interceptor once per
>> proxy.  Can I specify callback for username, similar to the password?
>>     
>
> Unforunately, at this point, the answer is no due to spec compliance 
> issues.    You can read some of the discussion about it in JIRA:
> https://issues.apache.org/jira/browse/CXF-1410
>
> We're kind of debating which direction to go:
> 1) A separate proprietary "getThreadRequestContext()" call on a 
> proprietary interface.
>
> 2) A flag that would somehow flip the getRequestContext() call over to a 
> thread safe variety.
>
> In either case, the behavoir would be proprietary to CXF as the spec (and 
> TCK) more or less requires the non-thread safe behavior to be the 
> default.   :-(
>
> I'd be interesting in hearing your opinions on the matter.
>
>   
Second solution seems more portable.  Could the WSS4JOutInterceptor be 
made to make a callback to a UsernameCallbackHandler to retreive the 
username and add to the message context? I assume the message is thread 
safe when in the InterceptorChain. Also, i'm not sure the purpose of 
having a password callback (aside from keeping passwords out of 
config/code) if there is no associated  username callback handler.

Mime
View raw message