[
https://issues.apache.org/jira/browse/CXF-5423?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13840532#comment-13840532
]
Daniel Kulp commented on CXF-5423:
----------------------------------
Nevermind.... I don't see it setting the context classloader ANYWHERE in the
jaxrs client code. Yea, it's a problem.
> Callbackhandlers and other resources aren't found if configured in blueprint
> config due to classloading issues
> --------------------------------------------------------------------------------------------------------------
>
> Key: CXF-5423
> URL: https://issues.apache.org/jira/browse/CXF-5423
> Project: CXF
> Issue Type: Bug
> Components: JAX-RS Security
> Affects Versions: 2.7.7
> Environment: OSGi (Karaf)
> Reporter: Marc Giger
>
> Hi,
> While playing around with JAX-RS security in OSGi (following the guide at
> http://cxf.apache.org/docs/jax-rs-saml.html) I found that if I configure the
> ws-security.* props directly in blueprint none of the configured resources
> are found. A little debugging showed that the wrong classloader is used to
> load the Callbackhandlers and property files. Note this works fine for the
> jaxrs service but not for the jaxrs client.
> Blueprint config:
> <jaxrs:client id="bookStoreServiceClient"
> address="http://localhost:8040/services/bookStoreService";
> serviceClass="com.mycompany.demoRestServiceCommon.service.BookStore"
> inheritHeaders="true">
> <jaxrs:outInterceptors>
> <ref component-id="samlHeaderOutInterceptor"/>
> </jaxrs:outInterceptors>
> <jaxrs:properties>
> <entry key="ws-security.callback-handler"
> value="com.mycompany.demoRestServiceConsumer.PasswordCallbackHandler"/>
> <entry key="ws-security.saml-callback-handler"
> value="com.mycompany.demoRestServiceConsumer.SamlCallbackHandler"/>
> <entry key="ws-security.signature.username" value="client"/>
> <entry key="ws-security.signature.properties"
> value="clientKeystore.properties"/>
> </jaxrs:properties>
> </jaxrs:client>
> <bean id="samlHeaderOutInterceptor"
> class="com.mycompany.demoRestServiceConsumer.SamlOutInterceptor"/>
> I've overridden the SAMLHeaderOutInterceptor to show the problem and what
> needs to be done somewhere to fix it:
> public class SamlOutInterceptor extends SamlHeaderOutInterceptor {
> @Override
> public void handleMessage(Message message) throws Fault {
> ClassLoader classLoader =
> message.getExchange().getBus().getExtension(ClassLoader.class);
> ClassLoader tccl = Thread.currentThread().getContextClassLoader();
> try {
> if (classLoader != null) {
> Thread.currentThread().setContextClassLoader(classLoader);
> }I've implemented a hack
> super.handleMessage(message);
> } finally {
> //restore original classloader
> if (classLoader != null) {
> Thread.currentThread().setContextClassLoader(tccl);
> }
> }
> }
> }
--
This message was sent by Atlassian JIRA
(v6.1#6144)
