You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cxf.apache.org by "Daniel Kulp (JIRA)" <ji...@apache.org> on 2009/06/29 22:17:47 UTC

[jira] Commented: (CXF-2311) client can't be used with different ws security users

    [ https://issues.apache.org/jira/browse/CXF-2311?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12725327#action_12725327 ] 

Daniel Kulp commented on CXF-2311:
----------------------------------


Are you sure this doesn't already work?  At least with 2.2.2?

Looking at that code, for everything OTHER than the Action and Actor, it seems to check the msg context for any properties.    Thus, just doing something like:

((BindingProvider)client).getRequestContext().put(WSHandlerConstants.USER, "joe");

 and similar should work.



> client can't be used with different ws security users
> -----------------------------------------------------
>
>                 Key: CXF-2311
>                 URL: https://issues.apache.org/jira/browse/CXF-2311
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 2.2.1, 2.2.2
>         Environment: webservice client
> ws-security authentication
> stateless session bean in an application server (JBoss)
>            Reporter: Sven Reinhardt
>            Priority: Blocker
>   Original Estimate: 240h
>  Remaining Estimate: 240h
>
> - in a managed environment such as an application server it is impossible to use a generated webservice client with ws-security authentication with different users 
> - the client seems to be a singleton and the WSS4JOutInterceptor is attached to the client, so it can't be changed for a single request without changing it for other callers
> - so the current implementation adds a kind of state to the client which the webservice dosn't have
> - there is no real request context for a single request to submit the ws-security credentials to a potential context sensitive security interceptor
> -creating a client for everey request, after removing the client from the factory
>   <code>
>   jaxWsProxyFactoryBean.getClientFactoryBean().setClient(null);
>   jaxWsProxyFactoryBean.create();
>   </code>
> results in a heavy memory loss
> -possible solution: create a by request context and add to generated clients, create a context sensitive ws-security interceptor 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.