You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2019/07/19 10:08:33 UTC

[cxf] 02/02: CXF-8077 - WSS4JInInterceptor is not thread safe

This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git

commit 9ab0d2766695a2ba9f1ed1ca042b5d2a42eb4fd9
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Fri Jul 19 11:08:02 2019 +0100

    CXF-8077 - WSS4JInInterceptor is not thread safe
---
 .../cxf/ws/security/wss4j/WSS4JInInterceptor.java       | 17 +++++++----------
 1 file changed, 7 insertions(+), 10 deletions(-)

diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
index ef9958e..127bba2 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
@@ -109,7 +109,8 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor {
     /**
      *
      */
-    private WSSecurityEngine secEngineOverride;
+    private WSSConfig defaultConfig;
+
 
     public WSS4JInInterceptor() {
         super();
@@ -161,8 +162,7 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor {
             }
         }
 
-        secEngineOverride = new WSSecurityEngine();
-        secEngineOverride.setWssConfig(config);
+        defaultConfig = config;
     }
 
     /**
@@ -696,15 +696,12 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor {
 
     /**
      * @return      the WSSecurityEngine in use by this interceptor.
-     *              This engine is defined to be the secEngineOverride
-     *              instance, if defined in this class (and supplied through
-     *              construction); otherwise, it is taken to be the default
-     *              WSSecEngine instance (currently defined in the WSHandler
-     *              base class).
      */
     protected WSSecurityEngine getSecurityEngine(boolean utWithCallbacks) {
-        if (secEngineOverride != null) {
-            return secEngineOverride;
+        if (defaultConfig != null) {
+            WSSecurityEngine engine = new WSSecurityEngine();
+            engine.setWssConfig(defaultConfig);
+            return engine;
         }
 
         if (!utWithCallbacks) {