[
https://issues.apache.org/jira/browse/CXF-2311?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Daniel Kulp resolved CXF-2311.
------------------------------
Resolution: Fixed
Fix Version/s: 2.2.5
Assignee: Daniel Kulp
> client can't be used with different ws security users
> -----------------------------------------------------
>
> Key: CXF-2311
> URL: https://issues.apache.org/jira/browse/CXF-2311
> Project: CXF
> Issue Type: Bug
> Components: WS-* Components
> Affects Versions: 2.2.1, 2.2.2
> Environment: webservice client
> ws-security authentication
> stateless session bean in an application server (JBoss)
> Reporter: Sven Reinhardt
> Assignee: Daniel Kulp
> Priority: Blocker
> Fix For: 2.2.5
>
> Original Estimate: 240h
> Remaining Estimate: 240h
>
> - in a managed environment such as an application server it is impossible to
> use a generated webservice client with ws-security authentication with
> different users
> - the client seems to be a singleton and the WSS4JOutInterceptor is attached
> to the client, so it can't be changed for a single request without changing
> it for other callers
> - so the current implementation adds a kind of state to the client which the
> webservice dosn't have
> - there is no real request context for a single request to submit the
> ws-security credentials to a potential context sensitive security interceptor
> -creating a client for everey request, after removing the client from the
> factory
> <code>
> jaxWsProxyFactoryBean.getClientFactoryBean().setClient(null);
> jaxWsProxyFactoryBean.create();
> </code>
> results in a heavy memory loss
> -possible solution: create a by request context and add to generated clients,
> create a context sensitive ws-security interceptor
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
