This is an automated email from the ASF dual-hosted git repository. ffang pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/cxf.git
The following commit(s) were added to refs/heads/main by this push: new dc08a738df [CXF-9004]Jetty12 : always use pre-saved HTTP_REQUEST from InMessage to populate SecurityContext (#1823) dc08a738df is described below commit dc08a738df3e10f133f4dc149c2cdbdf56ed8350 Author: Freeman(Yue) Fang <freeman.f...@gmail.com> AuthorDate: Fri Apr 19 16:17:40 2024 -0400 [CXF-9004]Jetty12 : always use pre-saved HTTP_REQUEST from InMessage to populate SecurityContext (#1823) --- .../cxf/transport/http/AbstractHTTPDestination.java | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-)
diff --git a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java
index c0771430de..566e05a1b3 100644
--- a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java
+++ b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java
@@ -408,14 +408,22 @@ public abstract class AbstractHTTPDestination
 SecurityContext httpSecurityContext = new SecurityContext() {
 public Principal getUserPrincipal() {
- try {
- return req.getUserPrincipal();
- } catch (Exception ex) {
- return null;
- }
+ //ensure we use req from the one saved in inMessage
+ //as this could be the cachedInput one in oneway and
+ //ReplyTo is specified when ws-addressing is used
+ //which means we need to switch thread context
+ //and underlying transport might discard any data on the original stream
+ HttpServletRequest reqFromInMessage = (HttpServletRequest)exchange.getInMessage().get(HTTP_REQUEST);
+ return reqFromInMessage.getUserPrincipal();
 }
 public boolean isUserInRole(String role) {
- return req.isUserInRole(role);
+ //ensure we use req from the one saved in inMessage
+ //as this could be the cachedInput one in oneway and
+ //ReplyTo is specified when ws-addressing is used
+ //which means we need to switch thread context
+ //and underlying transport might discard any data on the original stream
+ HttpServletRequest reqFromInMessage = (HttpServletRequest)exchange.getInMessage().get(HTTP_REQUEST);
+ return reqFromInMessage.isUserInRole(role);
 }
 };
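Review bot: Both new methods dereference the result of `exchange.getInMessage().get(HTTP_REQUEST)` without a null check, and `getUserPrincipal()` no longer has the `try`/`catch` that used to turn a container exception into a `null` principal. If the in-message or its saved request can be absent on the one-way/ReplyTo path the comment describes (not visible from this hunk), callers of the SecurityContext get a `NullPointerException` instead of an unauthenticated answer. Consider `return reqFromInMessage != null ? reqFromInMessage.getUserPrincipal() : null;` and `return reqFromInMessage != null && reqFromInMessage.isUserInRole(role);`, so a missing request denies the role check rather than throwing. The lookup and its five-line comment are duplicated in the two methods and could live in one private helper of the anonymous class; the enclosing method starts and ends outside the hunk.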