You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cxf.apache.org by "Sven Reinhardt (JIRA)" <ji...@apache.org> on 2009/06/23 16:27:07 UTC

[jira] Created: (CXF-2311) client can't be used with different ws security users

client can't be used with different ws security users
-----------------------------------------------------

                 Key: CXF-2311
                 URL: https://issues.apache.org/jira/browse/CXF-2311
             Project: CXF
          Issue Type: Bug
          Components: WS-* Components
    Affects Versions: 2.2.2, 2.2.1
         Environment: webservice client
ws-security authentication
stateless session bean in an application server (JBoss)
            Reporter: Sven Reinhardt
            Priority: Blocker


- in a managed environment such as an application server it is impossible to use a generated webservice client with ws-security authentication with different users 
- the client seems to be a singleton and the WSS4JOutInterceptor is attached to the client, so it can't be changed for a single request without changing it for other callers
- so the current implementation adds a kind of state to the client which the webservice dosn't have
- there is no real request context for a single request to submit the ws-security credentials to a potential context sensitive security interceptor
-creating a client for everey request, after removing the client from the factory
  <code>
  jaxWsProxyFactoryBean.getClientFactoryBean().setClient(null);
  jaxWsProxyFactoryBean.create();
  </code>
results in a heavy memory loss
-possible solution: create a by request context and add to generated clients, create a context sensitive ws-security interceptor 


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (CXF-2311) client can't be used with different ws security users

Posted by "Daniel Kulp (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/CXF-2311?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12725327#action_12725327 ] 

Daniel Kulp commented on CXF-2311:
----------------------------------


Are you sure this doesn't already work?  At least with 2.2.2?

Looking at that code, for everything OTHER than the Action and Actor, it seems to check the msg context for any properties.    Thus, just doing something like:

((BindingProvider)client).getRequestContext().put(WSHandlerConstants.USER, "joe");

 and similar should work.



> client can't be used with different ws security users
> -----------------------------------------------------
>
>                 Key: CXF-2311
>                 URL: https://issues.apache.org/jira/browse/CXF-2311
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 2.2.1, 2.2.2
>         Environment: webservice client
> ws-security authentication
> stateless session bean in an application server (JBoss)
>            Reporter: Sven Reinhardt
>            Priority: Blocker
>   Original Estimate: 240h
>  Remaining Estimate: 240h
>
> - in a managed environment such as an application server it is impossible to use a generated webservice client with ws-security authentication with different users 
> - the client seems to be a singleton and the WSS4JOutInterceptor is attached to the client, so it can't be changed for a single request without changing it for other callers
> - so the current implementation adds a kind of state to the client which the webservice dosn't have
> - there is no real request context for a single request to submit the ws-security credentials to a potential context sensitive security interceptor
> -creating a client for everey request, after removing the client from the factory
>   <code>
>   jaxWsProxyFactoryBean.getClientFactoryBean().setClient(null);
>   jaxWsProxyFactoryBean.create();
>   </code>
> results in a heavy memory loss
> -possible solution: create a by request context and add to generated clients, create a context sensitive ws-security interceptor 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Resolved: (CXF-2311) client can't be used with different ws security users

Posted by "Daniel Kulp (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/CXF-2311?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Daniel Kulp resolved CXF-2311.
------------------------------

       Resolution: Fixed
    Fix Version/s: 2.2.5
         Assignee: Daniel Kulp

> client can't be used with different ws security users
> -----------------------------------------------------
>
>                 Key: CXF-2311
>                 URL: https://issues.apache.org/jira/browse/CXF-2311
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 2.2.1, 2.2.2
>         Environment: webservice client
> ws-security authentication
> stateless session bean in an application server (JBoss)
>            Reporter: Sven Reinhardt
>            Assignee: Daniel Kulp
>            Priority: Blocker
>             Fix For: 2.2.5
>
>   Original Estimate: 240h
>  Remaining Estimate: 240h
>
> - in a managed environment such as an application server it is impossible to use a generated webservice client with ws-security authentication with different users 
> - the client seems to be a singleton and the WSS4JOutInterceptor is attached to the client, so it can't be changed for a single request without changing it for other callers
> - so the current implementation adds a kind of state to the client which the webservice dosn't have
> - there is no real request context for a single request to submit the ws-security credentials to a potential context sensitive security interceptor
> -creating a client for everey request, after removing the client from the factory
>   <code>
>   jaxWsProxyFactoryBean.getClientFactoryBean().setClient(null);
>   jaxWsProxyFactoryBean.create();
>   </code>
> results in a heavy memory loss
> -possible solution: create a by request context and add to generated clients, create a context sensitive ws-security interceptor 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (CXF-2311) client can't be used with different ws security users

Posted by "Sven Reinhardt (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/CXF-2311?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12727451#action_12727451 ] 

Sven Reinhardt commented on CXF-2311:
-------------------------------------

It can't  work because the client on 
jaxWsProxyFactoryBean.getClientFactoryBean().getClient(); 
is a singleton.
code like this:
MyService client1 = (MyService) jaxWsProxyFactoryBean.create();
MyService client2 = (MyService) jaxWsProxyFactoryBean.create();
((BindingProvider)client1).getRequestContext().put(WSHandlerConstants.USER, "jack"); 
((BindingProvider)client2).getRequestContext().put(WSHandlerConstants.USER, "joe"); 
LOG.info(((BindingProvider)client1).getRequestContext().get(WSHandlerConstants.USER));

produces:
joe
instead of jack
So it is not a per request context not even per service. 

I'm using 2.2.2.
Is jaxWsProxyFactoryBean the right way to create the client in this situation?


> client can't be used with different ws security users
> -----------------------------------------------------
>
>                 Key: CXF-2311
>                 URL: https://issues.apache.org/jira/browse/CXF-2311
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 2.2.1, 2.2.2
>         Environment: webservice client
> ws-security authentication
> stateless session bean in an application server (JBoss)
>            Reporter: Sven Reinhardt
>            Priority: Blocker
>   Original Estimate: 240h
>  Remaining Estimate: 240h
>
> - in a managed environment such as an application server it is impossible to use a generated webservice client with ws-security authentication with different users 
> - the client seems to be a singleton and the WSS4JOutInterceptor is attached to the client, so it can't be changed for a single request without changing it for other callers
> - so the current implementation adds a kind of state to the client which the webservice dosn't have
> - there is no real request context for a single request to submit the ws-security credentials to a potential context sensitive security interceptor
> -creating a client for everey request, after removing the client from the factory
>   <code>
>   jaxWsProxyFactoryBean.getClientFactoryBean().setClient(null);
>   jaxWsProxyFactoryBean.create();
>   </code>
> results in a heavy memory loss
> -possible solution: create a by request context and add to generated clients, create a context sensitive ws-security interceptor 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.