You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cxf.apache.org by "Daniel Kulp (JIRA)" <ji...@apache.org> on 2011/09/23 23:13:26 UTC

[jira] [Resolved] (CXF-3820) SecurityToken class should be serializable

     [ https://issues.apache.org/jira/browse/CXF-3820?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Daniel Kulp resolved CXF-3820.
------------------------------

    Resolution: Fixed
      Assignee: Daniel Kulp


I've applied the patch as it certainly doesn't *break* anything and does allow the security token to be serialized in some cases.  However, SecurityTokens that provide or require a Crypto object will not work as that is transient.   TransportBindingHandler.doSignature and AbstractBindingBuilder.handleSupportingTokens have calls to token.getCrypto() that would then return null.  In both cases, I believe an NPE would be raised, but that would need to be verified. 

However, outside those two cases, everything certainly looks OK.



> SecurityToken class should be serializable
> ------------------------------------------
>
>                 Key: CXF-3820
>                 URL: https://issues.apache.org/jira/browse/CXF-3820
>             Project: CXF
>          Issue Type: Improvement
>          Components: WS-* Components
>    Affects Versions: 2.4.2
>            Reporter: Anubhav Sharma
>            Assignee: Daniel Kulp
>            Priority: Minor
>             Fix For: 2.4.3
>
>         Attachments: 0047-made-SecurityToken-serializable.patch
>
>
> Class org.apache.cxf.ws.security.tokenstore.SecurityToken should implement serializable. This will allow users to use this class for presistent cache.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira