Re: Webclient to local endpoint loses SecurityContext

Wed, 06 May 2015 04:30:42 -0700 

Hi Sergey,

Thanks for the reply! It does not report a user principal. I can try the
ContainerRequestFilter or if the UriInfo is also accessible from the
MessageContext I might be able to bypass the code that breaks as well.

Regards
Kiren

On Wed, May 6, 2015 at 12:47 PM, Sergey Beryozkin <[email protected]>
wrote:

> Hi Kiren,
>
> sorry for a delay.
> is the actual security context is returned as null or it does not report a
> user principal ?
>
> If it is the latter then it would explain it, the default SecurityContext
> is set at the HTTP transport level which is bypassed in the local case.
>
> What you can do though is to register a pre-matching
> ContainerRequestFilter and set a custom SecurityContext from there; the
> filter has the access to UriInfo, so you can check if the address is not
> http-based and then set a custom context to cover the local path...
>
> HTH
> Sergey
>
> On 04/05/15 16:17, Kiren Pillay wrote:
>
>> Hi All,
>>
>> I have a Webclient in one application calling a local endpoint of another
>> application in the same container.
>>
>> It seems that the security context is being lost in the local call. Is
>> there a way to preserve the  Security Context?
>>
>> //Working
>>        1.   WebClient localClient = WebClient.create(
>>                  "http://localhost:8080/xxx/rest";, "test","test", null);
>>
>> //Not working
>>         2.  WebClient localClient =
>> WebClient.create("local://rsservice/xxx/rest", "test", "test", null);
>>
>> //Code below breaks because it depends on the security worker
>>
>>          SecurityUser securityUser = securityWorker
>>
>> .lookupSecurityUser(messageContext.getSecurityContext());
>>
>> My application config below.
>>
>>
>> <!-- local transport -->
>>      <jaxrs:server id="localRestContainer"
>> address="local://rsservice/xxx/rest"
>>          transportId="http://cxf.apache.org/transports/local";>
>>          <jaxrs:serviceBeans>
>>              <ref bean="service1" />
>>              <ref bean="service2" />
>>          </jaxrs:serviceBeans>
>>          <jaxrs:providers>
>>              <ref bean="jaxbProvider" />
>>              <ref bean="xxxExceptionMapper" />
>>              <ref bean="xxxRuntimeExceptionMapper" />
>>          </jaxrs:providers>
>>
>> Regards
>> Kiren
>>
>>
>
> --
> Sergey Beryozkin
>
> Talend Community Coders
> http://coders.talend.com/
>
> Blog: http://sberyozkin.blogspot.com
>

Reply via email to