If I set "thread.local.request.context" to true it seems like RequestContext should be thread safe. Is this a way to set different login credentials for each soap call with a shared proxy and still be thread safe?
[CODE SNIPPET] UsersWS users = service.getPort(UsersWS.class); /* * Make request context multithread safe. See http://markmail.org/message/lgldei2zt4trlyr6 */ ((BindingProvider)users).getRequestContext().put("thread.local.request.context", Boolean.TRUE); Client client = ClientProxy.getClient(users); Endpoint endpoint = client.getEndpoint(); Map<String, Object> outProps = new HashMap<String, Object>(); outProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN); outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_DIGEST); WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps); endpoint.getOutInterceptors().add(wssOut); // set username and password. Is this thread safe?? ((BindingProvider)users).getRequestContext().put(WSHandlerConstants.USER, "joe"); ((BindingProvider)users).getRequestContext().put("password", "password"); Martijn Brinkers On Fri, 2008-06-13 at 17:40 -0700, Martijn Brinkers (List) wrote: > Hmm using a CallbackHandler with thread local is not the solution > because there seems to be no CallbackHandler for the username. > > Any idea how to solve this? > > On Fri, 2008-06-13 at 15:25 -0700, Martijn Brinkers (List) wrote: > > I am working on a web application that support multiple users and each > > individual user has to be authenticated (username/password). The web > > application uses CXF to create soap calls to an external web service. > > The web service requires users to be authenticated so I have added a > > WSS4JOutInterceptor to the OutInterceptors and would like to use the > > same username/password for the soap connection as was used to login to > > the web application. Now the thing I need advice on is how I can make > > this thread safe when I want to share a proxy between multiple threads > > (ie. I just want to create one proxy). As I understand it interceptors > > are shared so I cannot just set the username/password before a client > > soap call because other threads could be doing the same thing (race > > condition). What I can do is create a password CallbackHandler that > > stores the username/passwords in a thread local so threads do not > > interfere. Do you have any other suggestion on how to solve this? > > > > Thanks, > > > > Martijn Brinkers
