You are viewing a plain text version of this content. The canonical link for it is here.

Posted to fx-dev@ws.apache.org by Werner Dittmann <We...@t-online.de> on 2004/10/24 15:52:40 UTC

Code changes in WSSecurityEngine

Dear WSS4J commiters,

during the modifications to add the recently checked in enhancements
I figured out a crtical change in WSSecurityEngine. This change
may cause problems because the WSSecurityEngine is usually run
as a singleton (refer also to the recent discussion here on the
list).

The class was designed to run as a singleton, thus it had
no class data, execept static class data or data that is invariant
of the requests (debug flag, some QName variables, IMO these could
probably converted to static as well).

Now there is a class private variable called
"private byte[] decryptedBytes". This was previously a local variable
of the method "public void handleEncryptedKey(...)", now it is a class
global variable! This results in several problems:

- WSSecurityEngine cannot run as a singleton anymore
- other methods us the same variable name ("decryptedBytes") as local
   variable, thus hiding the global variable. This is not a good
   programming style.

Please revise this change and try to redo it to keep the
singleton behaviour of WSSecurityEngine.

Regards,
Werner