I am working on a web application that support multiple users and each individual user has to be authenticated (username/password). The web application uses CXF to create soap calls to an external web service. The web service requires users to be authenticated so I have added a WSS4JOutInterceptor to the OutInterceptors and would like to use the same username/password for the soap connection as was used to login to the web application. Now the thing I need advice on is how I can make this thread safe when I want to share a proxy between multiple threads (ie. I just want to create one proxy). As I understand it interceptors are shared so I cannot just set the username/password before a client soap call because other threads could be doing the same thing (race condition). What I can do is create a password CallbackHandler that stores the username/passwords in a thread local so threads do not interfere. Do you have any other suggestion on how to solve this?
Thanks, Martijn Brinkers
