You are viewing a plain text version of this content. The canonical link for it is here.

Posted to fx-dev@ws.apache.org by Werner Dittmann <We...@t-online.de> on 2005/08/30 22:23:57 UTC

WSSecurity engine - some problems need to be solved

All,

once upon a time the WSSecurityEngine was a real singleton class.

Some time ago non-static variables sneaked into the code, wsconfig
was introduced, etc. Looking at the code one could easily see that
the "singleton" property of this class is gone. The problem here is:
currently the handlers use it as a singleton!

Two ways to solve the problem:
1st: give up the singleton property and adapt the handlers to use it as
     an ordinary class. This would involve modifications at the handlers
     and any other class or implementation that uses WSSecurityEngine.

     This also affects implementations that are not under our control.

2nd: Try to make it a singleton class again. That would influence other
     implementations that use the non-static variables that were
     introduced some time ago (see above). Then we have to deal with
     that. AFAIK these are part of WSS4J and could probably be modified
     (this needs to be evaluated).

Any ideas?

Regards,
Werner

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org

Re: WSSecurity engine - some problems need to be solved

Posted by Davanum Srinivas <da...@gmail.com>.

Either way is ok with me, let's make sure we document the assumption
this time. We need to make sure we don't repeat the problem ("leak")
again  :)

-- dims

On 8/30/05, Werner Dittmann <We...@t-online.de> wrote:
> All,
> 
> once upon a time the WSSecurityEngine was a real singleton class.
> 
> Some time ago non-static variables sneaked into the code, wsconfig
> was introduced, etc. Looking at the code one could easily see that
> the "singleton" property of this class is gone. The problem here is:
> currently the handlers use it as a singleton!
> 
> Two ways to solve the problem:
> 1st: give up the singleton property and adapt the handlers to use it as
>      an ordinary class. This would involve modifications at the handlers
>      and any other class or implementation that uses WSSecurityEngine.
> 
>      This also affects implementations that are not under our control.
> 
> 2nd: Try to make it a singleton class again. That would influence other
>      implementations that use the non-static variables that were
>      introduced some time ago (see above). Then we have to deal with
>      that. AFAIK these are part of WSS4J and could probably be modified
>      (this needs to be evaluated).
> 
> Any ideas?
> 
> Regards,
> Werner
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
> 
> 


-- 
Davanum Srinivas : http://wso2.com/ - Oxygenating The Web Service Platform

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org

Re: WSSecurity engine - some problems need to be solved

Posted by Davanum Srinivas <da...@gmail.com>.

Either way is ok with me, let's make sure we document the assumption
this time. We need to make sure we don't repeat the problem ("leak")
again  :)

-- dims

On 8/30/05, Werner Dittmann <We...@t-online.de> wrote:
> All,
> 
> once upon a time the WSSecurityEngine was a real singleton class.
> 
> Some time ago non-static variables sneaked into the code, wsconfig
> was introduced, etc. Looking at the code one could easily see that
> the "singleton" property of this class is gone. The problem here is:
> currently the handlers use it as a singleton!
> 
> Two ways to solve the problem:
> 1st: give up the singleton property and adapt the handlers to use it as
>      an ordinary class. This would involve modifications at the handlers
>      and any other class or implementation that uses WSSecurityEngine.
> 
>      This also affects implementations that are not under our control.
> 
> 2nd: Try to make it a singleton class again. That would influence other
>      implementations that use the non-static variables that were
>      introduced some time ago (see above). Then we have to deal with
>      that. AFAIK these are part of WSS4J and could probably be modified
>      (this needs to be evaluated).
> 
> Any ideas?
> 
> Regards,
> Werner
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
> 
> 


-- 
Davanum Srinivas : http://wso2.com/ - Oxygenating The Web Service Platform

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org