Webclient to local endpoint loses SecurityContext

Kiren Pillay Mon, 04 May 2015 08:18:16 -0700

Hi All,

I have a Webclient in one application calling a local endpoint of another
application in the same container.


It seems that the security context is being lost in the local call. Is
there a way to preserve the  Security Context?

//Working
      1.   WebClient localClient = WebClient.create(
                "http://localhost:8080/xxx/rest";, "test","test", null);

//Not working
       2.  WebClient localClient =
WebClient.create("local://rsservice/xxx/rest", "test", "test", null);

//Code below breaks because it depends on the security worker

        SecurityUser securityUser = securityWorker

.lookupSecurityUser(messageContext.getSecurityContext());

My application config below.


<!-- local transport -->
    <jaxrs:server id="localRestContainer"
address="local://rsservice/xxx/rest"
        transportId="http://cxf.apache.org/transports/local";>
        <jaxrs:serviceBeans>
            <ref bean="service1" />
            <ref bean="service2" />
        </jaxrs:serviceBeans>
        <jaxrs:providers>
            <ref bean="jaxbProvider" />
            <ref bean="xxxExceptionMapper" />
            <ref bean="xxxRuntimeExceptionMapper" />
        </jaxrs:providers>

Regards
Kiren

Webclient to local endpoint loses SecurityContext

Reply via email to