You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cxf.apache.org by "Martijn Brinkers (List)" <ma...@gmail.com> on 2008/06/14 02:40:11 UTC

Re: Need help on OutInterceptors, authentiction and multiple threads

Hmm using a CallbackHandler with thread local is not the solution
because there seems to be no CallbackHandler for the username.

Any idea how to solve this? 

On Fri, 2008-06-13 at 15:25 -0700, Martijn Brinkers (List) wrote: 
> I am working on a web application that support multiple users and each
> individual user has to be authenticated (username/password). The web
> application uses CXF to create soap calls to an external web service.
> The web service requires users to be authenticated so I have added a
> WSS4JOutInterceptor to the OutInterceptors and would like to use the
> same username/password for the soap connection as was used to login to
> the web application. Now the thing I need advice on is how I can make
> this thread safe when I want to share a proxy between multiple threads
> (ie. I just want to create one proxy). As I understand it interceptors
> are shared so I cannot just set the username/password before a client
> soap call because other threads could be doing the same thing (race
> condition). What I can do is create a password CallbackHandler that
> stores the username/passwords in a thread local so threads do not
> interfere. Do you have any other suggestion on how to solve this?
> 
> Thanks,
> 
> Martijn Brinkers

Re: Need help on OutInterceptors, authentiction and multiple threads

Posted by Daniel Kulp <dk...@apache.org>.




On Jun 13, 2008, at 9:56 PM, Martijn Brinkers (List) wrote:

> If I set "thread.local.request.context" to true it seems like  
> RequestContext should be thread safe. Is this a way to set different  
> login credentials for each soap call with a shared proxy and still  
> be thread safe?

Yep.   That should work fine.   Just make sure you specify it for each  
invokation (or at least the first invoke on that thread).    If you  
use a proxy on a new thread for the first time without setting it, it  
will "inherit" the creds of the last invokation on any thread.

Dan



>
>
>
> [CODE SNIPPET]
>
> UsersWS users = service.getPort(UsersWS.class);
>
> /*
> * Make request context multithread safe. See http://markmail.org/message/lgldei2zt4trlyr6
> */
> ((BindingProvider 
> )users).getRequestContext().put("thread.local.request.context",  
> Boolean.TRUE);
>
> Client client = ClientProxy.getClient(users);
>
> Endpoint endpoint = client.getEndpoint();
>
> Map<String, Object> outProps = new HashMap<String, Object>();
>
> outProps.put(WSHandlerConstants.ACTION,  
> WSHandlerConstants.USERNAME_TOKEN);
> outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_DIGEST);
>
> WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
> endpoint.getOutInterceptors().add(wssOut);		
>
> // set username and password. Is this thread safe??
> ((BindingProvider 
> )users).getRequestContext().put(WSHandlerConstants.USER, "joe");
> ((BindingProvider)users).getRequestContext().put("password",  
> "password");
>
>
>
> Martijn Brinkers
>
> On Fri, 2008-06-13 at 17:40 -0700, Martijn Brinkers (List) wrote:
>> Hmm using a CallbackHandler with thread local is not the solution
>> because there seems to be no CallbackHandler for the username.
>>
>> Any idea how to solve this?
>>
>> On Fri, 2008-06-13 at 15:25 -0700, Martijn Brinkers (List) wrote:
>>> I am working on a web application that support multiple users and  
>>> each
>>> individual user has to be authenticated (username/password). The web
>>> application uses CXF to create soap calls to an external web  
>>> service.
>>> The web service requires users to be authenticated so I have added a
>>> WSS4JOutInterceptor to the OutInterceptors and would like to use the
>>> same username/password for the soap connection as was used to  
>>> login to
>>> the web application. Now the thing I need advice on is how I can  
>>> make
>>> this thread safe when I want to share a proxy between multiple  
>>> threads
>>> (ie. I just want to create one proxy). As I understand it  
>>> interceptors
>>> are shared so I cannot just set the username/password before a  
>>> client
>>> soap call because other threads could be doing the same thing (race
>>> condition). What I can do is create a password CallbackHandler that
>>> stores the username/passwords in a thread local so threads do not
>>> interfere. Do you have any other suggestion on how to solve this?
>>>
>>> Thanks,
>>>
>>> Martijn Brinkers
>

---
Daniel Kulp
dkulp@apache.org
http://www.dankulp.com/blog

Re: Need help on OutInterceptors, authentiction and multiple threads

Posted by "Martijn Brinkers (List)" <ma...@gmail.com>.

If I set "thread.local.request.context" to true it seems like RequestContext should be thread safe. Is this a way to set different login credentials for each soap call with a shared proxy and still be thread safe?


[CODE SNIPPET]

UsersWS users = service.getPort(UsersWS.class);

/*
 * Make request context multithread safe. See http://markmail.org/message/lgldei2zt4trlyr6
 */
((BindingProvider)users).getRequestContext().put("thread.local.request.context", Boolean.TRUE);

Client client = ClientProxy.getClient(users);

Endpoint endpoint = client.getEndpoint();

Map<String, Object> outProps = new HashMap<String, Object>();

outProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_DIGEST);

WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
endpoint.getOutInterceptors().add(wssOut);		

// set username and password. Is this thread safe??
((BindingProvider)users).getRequestContext().put(WSHandlerConstants.USER, "joe");
((BindingProvider)users).getRequestContext().put("password", "password");


Martijn Brinkers

On Fri, 2008-06-13 at 17:40 -0700, Martijn Brinkers (List) wrote:
> Hmm using a CallbackHandler with thread local is not the solution
> because there seems to be no CallbackHandler for the username.
> 
> Any idea how to solve this? 
> 
> On Fri, 2008-06-13 at 15:25 -0700, Martijn Brinkers (List) wrote: 
> > I am working on a web application that support multiple users and each
> > individual user has to be authenticated (username/password). The web
> > application uses CXF to create soap calls to an external web service.
> > The web service requires users to be authenticated so I have added a
> > WSS4JOutInterceptor to the OutInterceptors and would like to use the
> > same username/password for the soap connection as was used to login to
> > the web application. Now the thing I need advice on is how I can make
> > this thread safe when I want to share a proxy between multiple threads
> > (ie. I just want to create one proxy). As I understand it interceptors
> > are shared so I cannot just set the username/password before a client
> > soap call because other threads could be doing the same thing (race
> > condition). What I can do is create a password CallbackHandler that
> > stores the username/passwords in a thread local so threads do not
> > interfere. Do you have any other suggestion on how to solve this?
> > 
> > Thanks,
> > 
> > Martijn Brinkers