I am running version 2.7.2 of org.apache.cxf.services.sts. I am plugging a org.apache.ws.security.validate.UsernameTokenValidator subclass as the Validator in the org.apache.cxf.sts.token.validator.UsernameTokenValidator class. I was hoping to store some state generated in my org.apache.ws.security.validate.UsernameTokenValidator instance in the ServletRequest, which I hoped to pull out of the RequestData instance passed to the org.apache.ws.security.validate.UsernameTokenValidator.verifyPlaintextPassword(UsernameToken,RequestData) method via the getMsgContext() method in the RequestData class. Yet getMsgContext() always returns null. I notice that the org.apache.cxf.sts.token.validator.UsernameTokenValidator does not populate this field by using the getWebServiceContext().getMessageContext() calls on the TokenValidatorParameters instance passed to validateToken method. I noticed that the SAMLTokenValidator does not do this either. Is this a bug (for which I could submit a patch?), or am I missing something?
The PhaseInterceptorChain.getCurrentMessage() work-around works. Dirk -- View this message in context: http://cxf.547215.n5.nabble.com/UsernameTokenValidator-tp5707938p5737823.html Sent from the cxf-user mailing list archive at Nabble.com.
