I'm trying to use a password callback handler, with a WS policy file.
Specifically I'm using the WSHandlerConstants.PW_CALLBACK_REF property
so that Rampart should always use the same instance of my callback
handler class. However I find that a new instance of the callback
handler class is being created.
Looking at the method getPasswordCB() in RampartUtil (below), this code
will always create a new instance of the handler class if a policy file
is used containing a callback class name, and my policy file does
contain a callback class name. I think these two blocks of code should
be reversed i.e. if I have set the PW_CALLBACK_REF property, then this
should be used in preference to creating a new instance of the handler
class.
public static CallbackHandler getPasswordCB(MessageContext msgContext,
RampartPolicyData rpd) throws RampartException {
CallbackHandler cbHandler;
if (rpd.getRampartConfig() != null &&
rpd.getRampartConfig().getPwCbClass() != null) {
String cbHandlerClass =
rpd.getRampartConfig().getPwCbClass();
ClassLoader classLoader =
msgContext.getAxisService().getClassLoader();
log.debug("loading class : " + cbHandlerClass);
Class cbClass;
try {
cbClass = Loader.loadClass(classLoader, cbHandlerClass);
} catch (ClassNotFoundException e) {
throw new RampartException("cannotLoadPWCBClass",
new String[]{cbHandlerClass}, e);
}
try {
cbHandler = (CallbackHandler) cbClass.newInstance();
} catch (java.lang.Exception e) {
throw new RampartException("cannotCreatePWCBInstance",
new String[]{cbHandlerClass}, e);
}
} else {
cbHandler = (CallbackHandler) msgContext.getProperty(
WSHandlerConstants.PW_CALLBACK_REF);
if(cbHandler == null) {
Parameter param = msgContext.getParameter(
WSHandlerConstants.PW_CALLBACK_REF);
cbHandler = (CallbackHandler)param.getValue();
}
}
return cbHandler;
}
