If you do:
((BindingProvider)port).getRequestContext().put("thread.local.request.context",
"true");
than future calls to getRequestContext() will use a thread local request
context. That allows the request context to be threadsafe. (Note: the response
context is always thread local in CXF).
Details in http://cxf.apache.org/faq.html#FAQ-AreJAXWSclientproxiesthreadsafe%3F
Cheers,
Andrei.
> -----Original Message-----
> From: Ed Bras [mailto:z...@debrasjes.com]
> Sent: Donnerstag, 13. Dezember 2012 14:00
> To: Andrei Shakirin
> Cc: users@cxf.apache.org
> Subject: RE: How to use ws-security info per sending soap message in CXF?
>
> Hi,
> Sorry, I was a bit too fast with my previous post.
> What about concurrent usage of the port with different security settings?
> I think this doesn't work in the code example below.
>
> What I mean is that I send message A and B at the same time, through the
> port below with different security settings.
> I think in your code example below, it's possible that message B will use the
> security settings of A as they will use the same request context.
>
> - Ed
>
>
>
> > -----Original Message-----
> > From: Andrei Shakirin [mailto:ashaki...@talend.com]
> > Sent: donderdag 13 december 2012 13:09
> > To: users@cxf.apache.org
> > Cc: z...@debrasjes.com
> > Subject: RE: How to use ws-security info per sending soap message in CXF?
> >
> > Hi Ed,
> >
> > As I already wrote, you don't even need the interceptor to change the
> > properties.
> > You can do it in your client by sending message:
> >
> > AddNumbers port = (AddNumbers)service.getPort(portName,
> > AddNumbers.class);
> >
> ((BindingProvider)port).getRequestContext().put(SecurityConstants.ENCRYP
> T_PR
> OP
> > ERTIES, <new property location>).
> >
> > Although, If you would like to do it in interceptor, you can pass
> necessary
> > information with message properties using the same technic.
> >
> > The most standard and recommended way to control security in CXF is
> > using
> WS-
> > Policy.
> > You also can apply it dynamically at the runtime. If this way is
> interesting
> > for you, I can provide further information how to set WS-Policy
> dynamically.
> >
> > Cheers,
> > Andrei.
> >
> > > -----Original Message-----
> > > From: Ed Bras [mailto:z...@debrasjes.com]
> > > Sent: Donnerstag, 13. Dezember 2012 10:31
> > > To: users@cxf.apache.org
> > > Subject: RE: How to use ws-security info per sending soap message in
> CXF?
> > >
> > > Thanks for your answer.
> > > I understand how I can change security properties in an interceptor.
> > > The problem is: how do I know when to change these properties?
> > >
> > > When I send a soap message, I know which security settings should be
> used.
> > > But how do I attach these security settings to a soap message such
> > > that they can be read by an interceptor and can use them?
> > >
> > > - Ed
> > >
> > > > -----Original Message-----
> > > > From: Andrei Shakirin [mailto:ashaki...@talend.com]
> > > > Sent: woensdag 12 december 2012 18:10
> > > > To: users@cxf.apache.org
> > > > Cc: z...@debrasjes.com
> > > > Subject: RE: How to use ws-security info per sending soap message
> > > > in
> CXF?
> > > >
> > > > Hi,
> > > >
> > > > a) jaxws client
> > > > 1) You can set message property:
> > > > SecurityConstants.ENCRYPT_PROPERTIES and dynamically update
> > > > property file
> > > > location:
> > > > message. put(SecurityConstants.ENCRYPT_PROPERTIES, <new property
> > > location>);
> > > > WSS4J will automatically use these properties.
> > > >
> > > > It is possible to do it either in custom interceptor (should be
> > > > called
> > > before
> > > > WSS4JOutInterceptor) or in client logic via:
> > > >
> > > ((BindingProvider)proxy).getRequestContext().put(SecurityConstants.E
> > > NC
> > > RY
> > > PT_P
> > > RO
> > > > PERTIES, <new property location>).
> > > >
> > > > Cons of this solution: you are still restricted to use
> > > > keystore.properties file.
> > > >
> > > > 2) More generic solution is implement own CryptoProvider
> > > > (implements wss4j CryptoBase interface) and set this
> > > > implementation in SecurityConstants.ENCRYPT_CRYPTO message
> > > > property. In provider
> > > implementation
> > > > you can get certificates and private keys whatever you want: from
> > > keystore,
> > > > remotely from service, etc.
> > > >
> > > > b) http conduit
> > > > TLS parameters can be also configured programmatically:
> > > > Client c = ClientProxy.getClient(port); HTTPConduit conduit =
> > > > (HTTPConduit) c.getConduit(); TLSClientParameters tlsParams = new
> > > > TLSClientParameters(); ...
> > > > conduit.setTlsClientParameters(tlsParams);
> > > >
> > > > see
> > > http://blog.progs.be/71/cxf-simple-frontend-allow-all-ssl-certificat
> > > es
> > > -
> > > > and-set-basic-authentication-credentials for details.
> > > >
> > > > I hope this can help.
> > > >
> > > > Cheers,
> > > > Andrei.
> > > >
> > > > > -----Original Message-----
> > > > > From: Ed Bras [mailto:z...@debrasjes.com]
> > > > > Sent: Mittwoch, 12. Dezember 2012 15:16
> > > > > To: users@cxf.apache.org
> > > > > Subject: How to use ws-security info per sending soap message in
> CXF?
> > > > >
> > > > > Please some advice on the following requirement:
> > > > > I like to be able to dynamically change/set the ws-security info
> > > > > per sending soap message in cxf. How can this best be done.
> > > > >
> > > > > Details: I want to change settings like keystore name, keystore
> > > > > alias, password, host name, etc.. during runtime, preferable per
> > > > > sending
> > > message.
> > > > >
> > > > > Currently I am using: jaxws client with WSS4JOutInterceptor and
> > > > > WSS4JInInterceptor interceptor for signing. And I am using http
> > > > > conduit with tls client parameters for SSL/TLS communications.
> > > > > Both the jaxws client and http conduit are configured in spring
> > > > > and have their configuration like keystore name, alias and
> > > > > password set in the
> > > Spring
> > > > config.
> > > > >
> > > > > I see options:
> > > > > 1) I change these settings during runtime through a global property.
> > > > > 2) I change these settings per sending message (preferable).
> > > > >
> > > > > 2) Is preferable but most difficult I think. How should I do this?
> > > > >
> > > > > I was thinking about:
> > > > > a) jaxws client: make my own in- and out interceptor that
> > > > > intercepts a message and use the correct (cached)
> > > > > WSS4JOutInterceptor interceptor depending on the security
> > > > > settings that that message requires. If the WSS4JOutInterceptor
> > > > > interceptor doesn't exists in cache, it's created (I probably
> > > > > have max 5 WSS4JOutInterceptor instances
> > > cached).
> > > > > However, how can I determine which settings are required in my
> > > > > interceptor as that is known in an other part of the app when
> > > > > talking to the @Webservice proxy to create and send the soap
> > > > > request/message... Maybe I could be able to add some kind of
> > > > > securityInfo object to the soap message through the
> > > > > JaxWsClientProxy, but how ?... Or maybe I can set the
> > > > > interceptors when sending/creating
> > > the
> > > > soap message when this security info is still know.
> > > > > This will then be a light weight interceptor containing the
> > > > > required settings, linking to the cached interceptors, that is
> > > > > selected depending on the settings...
> > > > >
> > > > > b) http conduit: using a ConduitSelector (never used it but will
> > > > > find out), such that I am able to select the correct http
> > > > > conduit, but I have the same problem as in (a): "How to
> > > > > determine which settings I should use" as they are known when
> > > > > creating/sending a soap message and
> > > the
> > > > interceptors are set later...
> > > > > Probably I have to set an conduit selector per sending message..
> > > > >
> > > > > Please some advice?
> > > > > - Ed
> > >
>
