You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Daniel Kulp (JIRA)" <ji...@apache.org> on 2009/10/16 22:01:31 UTC
[jira] Resolved: (CXF-2311) client can't be used with different ws
security users
[ https://issues.apache.org/jira/browse/CXF-2311?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Daniel Kulp resolved CXF-2311.
------------------------------
Resolution: Fixed
Fix Version/s: 2.2.5
Assignee: Daniel Kulp
> client can't be used with different ws security users
> -----------------------------------------------------
>
> Key: CXF-2311
> URL: https://issues.apache.org/jira/browse/CXF-2311
> Project: CXF
> Issue Type: Bug
> Components: WS-* Components
> Affects Versions: 2.2.1, 2.2.2
> Environment: webservice client
> ws-security authentication
> stateless session bean in an application server (JBoss)
> Reporter: Sven Reinhardt
> Assignee: Daniel Kulp
> Priority: Blocker
> Fix For: 2.2.5
>
> Original Estimate: 240h
> Remaining Estimate: 240h
>
> - in a managed environment such as an application server it is impossible to use a generated webservice client with ws-security authentication with different users
> - the client seems to be a singleton and the WSS4JOutInterceptor is attached to the client, so it can't be changed for a single request without changing it for other callers
> - so the current implementation adds a kind of state to the client which the webservice dosn't have
> - there is no real request context for a single request to submit the ws-security credentials to a potential context sensitive security interceptor
> -creating a client for everey request, after removing the client from the factory
> <code>
> jaxWsProxyFactoryBean.getClientFactoryBean().setClient(null);
> jaxWsProxyFactoryBean.create();
> </code>
> results in a heavy memory loss
> -possible solution: create a by request context and add to generated clients, create a context sensitive ws-security interceptor
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.