You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Daniel Kulp (JIRA)" <ji...@apache.org> on 2011/09/23 23:13:26 UTC
[jira] [Resolved] (CXF-3820) SecurityToken class should be
serializable
[ https://issues.apache.org/jira/browse/CXF-3820?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Daniel Kulp resolved CXF-3820.
------------------------------
Resolution: Fixed
Assignee: Daniel Kulp
I've applied the patch as it certainly doesn't *break* anything and does allow the security token to be serialized in some cases. However, SecurityTokens that provide or require a Crypto object will not work as that is transient. TransportBindingHandler.doSignature and AbstractBindingBuilder.handleSupportingTokens have calls to token.getCrypto() that would then return null. In both cases, I believe an NPE would be raised, but that would need to be verified.
However, outside those two cases, everything certainly looks OK.
> SecurityToken class should be serializable
> ------------------------------------------
>
> Key: CXF-3820
> URL: https://issues.apache.org/jira/browse/CXF-3820
> Project: CXF
> Issue Type: Improvement
> Components: WS-* Components
> Affects Versions: 2.4.2
> Reporter: Anubhav Sharma
> Assignee: Daniel Kulp
> Priority: Minor
> Fix For: 2.4.3
>
> Attachments: 0047-made-SecurityToken-serializable.patch
>
>
> Class org.apache.cxf.ws.security.tokenstore.SecurityToken should implement serializable. This will allow users to use this class for presistent cache.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira