[jbossws-issues] [JBoss JIRA] (JBWS-3431) JBossWS-CXF integration hides Apache CXF WebServiceContext::getUserPrincipal implementation

Alessio Soldano (JIRA) jira-events at lists.jboss.org
Thu Feb 9 08:55:48 EST 2012


Alessio Soldano created JBWS-3431:
-------------------------------------

             Summary: JBossWS-CXF integration hides Apache CXF WebServiceContext::getUserPrincipal implementation
                 Key: JBWS-3431
                 URL: https://issues.jboss.org/browse/JBWS-3431
             Project: JBoss Web Services
          Issue Type: Bug
      Security Level: Public (Everyone can see)
          Components: jbossws-cxf
            Reporter: Alessio Soldano
            Assignee: Alessio Soldano
             Fix For: jbossws-cxf-4.0.2


The JBossWS-CXF WebServiceContextFactory implementation returns an instance of org.jboss.ws.common.invocation.WebServiceContextAdapter wrapping the Apache CXF WebServiceContextImpl. That overrides the getUserPrincipal() and isUserInRole(String role) methods, retrieving the information from the HttpServletRequest.
While that's usually fine, when running WS-Security apps, Apache CXF can get the principal through WSS4J / UsernameToken authentication; the WebServiceContextImpl has proper logic for checking that as well as the data coming from HttpServletRequest when the HTTPDestination is in use.
So we need to use a WebServiceContextDelegate wrapper instead of the WebServiceContextAdapter, to avoid overriding the 2 methods above.

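A simplified model of the behaviour described in the report, added here as an illustration; it is not JBossWS or Apache CXF code. The `Context` interface, the `User` record, the three classes and the "message-level principal first" lookup order are assumptions standing in for `WebServiceContext`, `WebServiceContextImpl`, `WebServiceContextAdapter` and a delegating wrapper.

```java
import java.security.Principal;
import java.util.Set;

// Hypothetical stand-ins for the classes named in the report (requires Java 16+).
public class PrincipalHidingDemo {
    interface Context {                       // reduced form of WebServiceContext
        Principal getUserPrincipal();
        boolean isUserInRole(String role);
    }
    record User(String name, Set<String> roles) implements Principal {
        public String getName() { return name; }
    }
    // Stack's own context. Assumed order: message-level (UsernameToken) principal,
    // then the transport-level (servlet request) one.
    static class StackContext implements Context {
        final User messageLevel, transportLevel;
        StackContext(User m, User t) { messageLevel = m; transportLevel = t; }
        User effective() { return messageLevel != null ? messageLevel : transportLevel; }
        public Principal getUserPrincipal() { return effective(); }
        public boolean isUserInRole(String role) {
            User u = effective();
            return u != null && u.roles().contains(role);
        }
    }
    // Adapter style: overrides both security calls and answers from transport data only.
    static class AdapterStyle implements Context {
        final StackContext wrapped;
        AdapterStyle(StackContext w) { wrapped = w; }
        public Principal getUserPrincipal() { return wrapped.transportLevel; }
        public boolean isUserInRole(String role) {
            User t = wrapped.transportLevel;
            return t != null && t.roles().contains(role);
        }
    }
    // Delegate style: forwards both calls, so the stack's own logic stays visible.
    static class DelegateStyle implements Context {
        final Context wrapped;
        DelegateStyle(Context w) { wrapped = w; }
        public Principal getUserPrincipal() { return wrapped.getUserPrincipal(); }
        public boolean isUserInRole(String role) { return wrapped.isUserInRole(role); }
    }
    public static void main(String[] args) {
        // Constructed request: UsernameToken authenticated "alice", no container login.
        StackContext stack = new StackContext(new User("alice", Set.of("payments")), null);
        for (Context c : new Context[] { new AdapterStyle(stack), new DelegateStyle(stack) }) {
            System.out.println(c.getClass().getSimpleName() + ": principal="
                + c.getUserPrincipal() + ", payments=" + c.isUserInRole("payments"));
        }
    }
}
```

In this model, endpoint code that authorizes on `getUserPrincipal()` or `isUserInRole()` sees no authenticated caller through the adapter-style wrapper even though message-level authentication succeeded, while the delegate-style wrapper reports the same principal and role as the wrapped context.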