You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Colm O hEigeartaigh (Assigned) (JIRA)" <ji...@apache.org> on 2012/01/25 17:42:45 UTC
[jira] [Assigned] (CXF-4052) Crypto cache issues and the
PolicyBasedWSS4JInInterceptor used as a singleton
[ https://issues.apache.org/jira/browse/CXF-4052?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh reassigned CXF-4052:
----------------------------------------
Assignee: Colm O hEigeartaigh
> Crypto cache issues and the PolicyBasedWSS4JInInterceptor used as a singleton
> -----------------------------------------------------------------------------
>
> Key: CXF-4052
> URL: https://issues.apache.org/jira/browse/CXF-4052
> Project: CXF
> Issue Type: Bug
> Components: WS-* Components
> Affects Versions: 2.4.5
> Environment: JBossWS-CXF integration, using Apache CXF 2.4.x
> Reporter: Alessio Soldano
> Assignee: Colm O hEigeartaigh
>
> When using WS-Policy to setup WS-Security interceptors, the WSSecurityInterceptorProvider runs:
> {code}
> ...
> this.getInInterceptors().add(PolicyBasedWSS4JInInterceptor.INSTANCE);
> this.getInFaultInterceptors().add(PolicyBasedWSS4JInInterceptor.INSTANCE);
> ...
> {code}
> which causes the same instance of PolicyBasedWSS4JInInterceptor to be added to any bus.
> Unfortunately, the PolicyBasedWSS4JInInterceptor ends up extending org.apache.ws.security.handler.WSHandler which has a Map<String, Crypto> attribute. That is used whenever loading a Crypto instance and caches instances with keys basically given by the Merlin prop file name the user specified for the endpoint.
> So, when having multiple deployments referencing properties files with the same name, the first crypto instance is always used.
> If we want to keep the singleton approach on using the PolicyBasedWSS4JInInterceptor, we should probably at least use a different mechanism for creating keys so that prop files from different deployments are kept separate.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira