client can't be used with different ws security users
-----------------------------------------------------
Key: CXF-2311
URL: https://issues.apache.org/jira/browse/CXF-2311
Project: CXF
Issue Type: Bug
Components: WS-* Components
Affects Versions: 2.2.2, 2.2.1
Environment: webservice client
ws-security authentication
stateless session bean in an application server (JBoss)
Reporter: Sven Reinhardt
Priority: Blocker
- in a managed environment such as an application server it is impossible to
use a generated webservice client with ws-security authentication with
different users
- the client seems to be a singleton and the WSS4JOutInterceptor is attached to
the client, so it can't be changed for a single request without changing it for
other callers
- so the current implementation adds a kind of state to the client which the
webservice dosn't have
- there is no real request context for a single request to submit the
ws-security credentials to a potential context sensitive security interceptor
-creating a client for everey request, after removing the client from the
factory
<code>
jaxWsProxyFactoryBean.getClientFactoryBean().setClient(null);
jaxWsProxyFactoryBean.create();
</code>
results in a heavy memory loss
-possible solution: create a by request context and add to generated clients,
create a context sensitive ws-security interceptor
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
