Daniel Kulp wrote:
On Tuesday 26 February 2008, Will Gomes wrote:
Is it possible with CXF to use single Proxy and be able to set the
user for UsernameToken before each invocation and be thread safe? All
examples I've seen so far sets the user on the interceptor once per
proxy. Can I specify callback for username, similar to the password?
Unforunately, at this point, the answer is no due to spec compliance
issues. You can read some of the discussion about it in JIRA:
https://issues.apache.org/jira/browse/CXF-1410
We're kind of debating which direction to go:
1) A separate proprietary "getThreadRequestContext()" call on a
proprietary interface.
2) A flag that would somehow flip the getRequestContext() call over to a
thread safe variety.
In either case, the behavoir would be proprietary to CXF as the spec (and
TCK) more or less requires the non-thread safe behavior to be the
default. :-(
I'd be interesting in hearing your opinions on the matter.
Second solution seems more portable. Could the WSS4JOutInterceptor be
made to make a callback to a UsernameCallbackHandler to retreive the
username and add to the message context? I assume the message is thread
safe when in the InterceptorChain. Also, i'm not sure the purpose of
having a password callback (aside from keeping passwords out of
config/code) if there is no associated username callback handler.
