Alessio Soldano created JBWS-3431: ------------------------------------- Summary: JBossWS-CXF integration hides Apache CXF WebServiceContext::getUserPrincipal implementation Key: JBWS-3431 URL: https://issues.jboss.org/browse/JBWS-3431 Project: JBoss Web Services Issue Type: Bug Security Level: Public (Everyone can see) Components: jbossws-cxf Reporter: Alessio Soldano Assignee: Alessio Soldano Fix For: jbossws-cxf-4.0.2 The JBossWS-CXF WebServiceContextFactory implementation returns an instance of org.jboss.ws.common.invocation.WebServiceContextAdapter wrapping the Apache CXF WebServiceContextImpl. That overrides the getUserPrincipal() and isUserInRole(String role) method, retrieving the information from the HttpServletRequest. While that's usually, fine, when running WS-Security apps, Apache CXF can get the principal through WSS4J / UsernameToken authentication; the WebServiceContextImpl has proper logic for checking that as well as the data coming from HttpServletRequest when the HTTPDestination is in use. So we need to use a WebServiceContextDelegate wrapper instead of the WebServiceContextAdapter, to avoid overriding the 2 methods above. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira