[
https://issues.apache.org/jira/browse/CAMEL-7078?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13851664#comment-13851664
]
Sergey Beryozkin commented on CAMEL-7078:
-----------------------------------------
Hi Willem,
you mean that we push the reflective code into CxfServletRequestMapper ? Sure,
that will work too. The minimum extra cost of this reflective approach is
checking two Methods, the actual Method calls may not be even done, so it
should be OK.
The optional dependency approach should be safe too, but I'm fine with not
going that way.
I guess the only thing that is missing in the 'reflection' patch is the update
to the Import-Package, we still likely need an *optional* servlet api import
there, we will be able to avoid the explicit HttpServletRequest import in the
code but I suspect the optional OSGI import needs to be there even for the
reflection calls to work
Cheers, Sergey
> camel-cxf-transport component should propagate SecurityContext
> --------------------------------------------------------------
>
> Key: CAMEL-7078
> URL: https://issues.apache.org/jira/browse/CAMEL-7078
> Project: Camel
> Issue Type: Improvement
> Components: camel-cxf
> Reporter: Sergey Beryozkin
> Assignee: Willem Jiang
> Fix For: 2.11.4, 2.12.3, 2.13.0
>
> Attachments: camel7078-optionalservletdeps.txt,
> camel7078-reflection.txt
>
>
> Camel CXF Transport does not propagate a security context available from the
> current HTTP Servlet Request - which may be wrapped by Spring security, etc.
> Camel users may still work directly with Camel Exchange properties, but CXF
> endpoints won't be able to avoid losing the transport-independent approach
> for checking the security contexts.
>
--
This message was sent by Atlassian JIRA
(v6.1.4#6159)
