Re: Need help on OutInterceptors, authentiction and multiple threads

Mon, 16 Jun 2008 08:10:51 -0700 




On Jun 13, 2008, at 9:56 PM, Martijn Brinkers (List) wrote:


If I set "thread.local.request.context" to true it seems like  
RequestContext should be thread safe. Is this a way to set different  
login credentials for each soap call with a shared proxy and still  
be thread safe?



Yep.   That should work fine.   Just make sure you specify it for each  
invokation (or at least the first invoke on that thread).    If you  
use a proxy on a new thread for the first time without setting it, it  
will "inherit" the creds of the last invokation on any thread.


Dan







[CODE SNIPPET]

UsersWS users = service.getPort(UsersWS.class);

/*
* Make request context multithread safe. See 
http://markmail.org/message/lgldei2zt4trlyr6
*/

((BindingProvider 
)users).getRequestContext().put("thread.local.request.context",  
Boolean.TRUE);


Client client = ClientProxy.getClient(users);

Endpoint endpoint = client.getEndpoint();

Map<String, Object> outProps = new HashMap<String, Object>();


outProps.put(WSHandlerConstants.ACTION,  
WSHandlerConstants.USERNAME_TOKEN);

outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_DIGEST);

WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
endpoint.getOutInterceptors().add(wssOut);              

// set username and password. Is this thread safe??

((BindingProvider 
)users).getRequestContext().put(WSHandlerConstants.USER, "joe");
((BindingProvider)users).getRequestContext().put("password",  
"password");




Martijn Brinkers

On Fri, 2008-06-13 at 17:40 -0700, Martijn Brinkers (List) wrote:

Hmm using a CallbackHandler with thread local is not the solution
because there seems to be no CallbackHandler for the username.

Any idea how to solve this?

On Fri, 2008-06-13 at 15:25 -0700, Martijn Brinkers (List) wrote:

I am working on a web application that support multiple users and  
each

individual user has to be authenticated (username/password). The web

application uses CXF to create soap calls to an external web  
service.

The web service requires users to be authenticated so I have added a
WSS4JOutInterceptor to the OutInterceptors and would like to use the

same username/password for the soap connection as was used to  
login to
the web application. Now the thing I need advice on is how I can  
make
this thread safe when I want to share a proxy between multiple  
threads
(ie. I just want to create one proxy). As I understand it  
interceptors
are shared so I cannot just set the username/password before a  
client

soap call because other threads could be doing the same thing (race
condition). What I can do is create a password CallbackHandler that
stores the username/passwords in a thread local so threads do not
interfere. Do you have any other suggestion on how to solve this?

Thanks,

Martijn Brinkers




---
Daniel Kulp
[EMAIL PROTECTED]
http://www.dankulp.com/blog


























					Reply via email to