Posted to issues@cxf.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2017/03/28 07:10:41 UTC

[jira] [Closed] (CXF-6036) Multiple UsernameToken

     [ https://issues.apache.org/jira/browse/CXF-6036?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh closed CXF-6036.
------------------------------------
    Resolution: Not A Problem

See Dan's comment.

> Multiple UsernameToken
> ----------------------
>
>                 Key: CXF-6036
>                 URL: https://issues.apache.org/jira/browse/CXF-6036
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-WS Runtime
>    Affects Versions: 2.7.11
>            Reporter: Xiaoshu Wang
>
> Hi, I encountered a strange (bad as well) behavior using Apache CXF. Here is the code that creates the client.
> 	@Override
> 	public SearchRetrieveBasePerson getSearchClient() {
> 		SearchRetrieveBasePerson searchClient = getSearchService()
> 			.getSearchRetrieveBasePersonPort();
> 		// Obtain the CXF Client behind the JAX-WS proxy
> 		// (org.apache.cxf.frontend.ClientProxy) to reach its HTTP conduit.
> 		Client client = ClientProxy.getClient(searchClient);
> 		HTTPConduit http = (HTTPConduit) client.getConduit();
> 		HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
> 		httpClientPolicy.setConnectionTimeout(1 * 90 * 1000);
> 		httpClientPolicy.setAllowChunking(false);
> 		httpClientPolicy.setReceiveTimeout(3 * 60 * 1000);
> 		http.setClient(httpClientPolicy);
> 		BindingProvider bp = (BindingProvider) searchClient;
> 		bp.getRequestContext().put("thread.local.request.context", "true");
> 		bp.getRequestContext().put("use.async.http.conduit", Boolean.FALSE);
> 		// WS-Security UsernameToken credentials
> 		bp.getRequestContext().put("ws-security.username", getUsername());
> 		bp.getRequestContext().put("ws-security.password", getPassword());
> 		// Custom SOAP header (org.apache.cxf.headers.Header) carrying the audit data
> 		List<Header> headers = new ArrayList<>();
> 		Header auditingHeader;
> 		try {
> 			auditingHeader = new Header(new QName(
> 				"http://its.unc.edu/uncaudit", "UNCAuditHeader"),
> 				getAuditHeader(), new JAXBDataBinding(UNCAuditHeader.class));
> 			headers.add(auditingHeader);
> 			bp.getRequestContext().put(Header.HEADER_LIST, headers);
> 		} catch (JAXBException e) {
> 			throw new RuntimeException(new PersonSvcClientException(
> 				"Unable to create UNCAuditHeader", e));
> 		}
> 		bp.getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
> 			getSearchSoapAddress());
> 		return searchClient;
> 	}
> Note: getSearchService() returns a singleton of the CXF-generated WebServiceClient.
> If I cache the returned client and use it for subsequent requests, i.e., use it as a singleton, each request adds an additional UsernameToken to the request. Here is the SOAP request on the 4th request. As you can see, there are four UsernameTokens added to the Security header. I wonder if this is a bug or if I have done something improperly?
> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
> 	<soap:Header>
> 		<OrgAuditHeader xmlns="http://my.org/audit">
> 			<clientIP>0.0.0.0</clientIP>
> 			<requestedByUser>foo</requestedByUser>
> 			<requestedBySystem>BAR</requestedBySystem>
> 		</OrgAuditHeader>
> 		<wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
> 			<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-331E565D0DAEB3B94B14126847092141">
> 				<wsse:Username>SomeUserName</wsse:Username>
> 				<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">SomePassword</wsse:Password>
> 			</wsse:UsernameToken>
> 			<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-331E565D0DAEB3B94B14126847116982">
> 				<wsse:Username>SomeUserName</wsse:Username>
> 				<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">SomePassword</wsse:Password>
> 			</wsse:UsernameToken>
> 			<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-331E565D0DAEB3B94B14126847116983">
> 				<wsse:Username>SomeUserName</wsse:Username>
> 				<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">SomePassword</wsse:Password>
> 			</wsse:UsernameToken>
> 			<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-331E565D0DAEB3B94B14126847116984">
> 				<wsse:Username>SomeUserName</wsse:Username>
> 				<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">SomePassword</wsse:Password>
> 			</wsse:UsernameToken>
> 		</wsse:Security>
> 	</soap:Header>
> 	<soap:Body>
> 		<searchRetrieveBasePersonProcessRequest xmlns="http://my.org/common/Person/searchRetrieveBasePerson" xmlns:ns2="http://my.org/common/Person/core/1.6" xmlns:ns3="http://my.org/common/Person/fault" xmlns:ns4="http://my.org/audit">
> 			<PID>1234567</PID>
> 		</searchRetrieveBasePersonProcessRequest>
> 	</soap:Body>
> </soap:Envelope>



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)