[ https://issues.apache.org/jira/browse/CXF-6036?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14163233#comment-14163233 ]

Colm O hEigeartaigh commented on CXF-6036:
------------------------------------------


Could you create a test-case for the issue?

Colm.

> Multiple UsernameToken
> ----------------------
>
>                 Key: CXF-6036
>                 URL: https://issues.apache.org/jira/browse/CXF-6036
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-WS Runtime
>    Affects Versions: 2.7.11
>            Reporter: Xiaoshu Wang
>
> Hi, I encountered a strange (bad as well) behavior using Apache CXF. Here is 
> the code that creates the client.
>       @Override
>       public SearchRetrieveBasePerson getSearchClient() {
>               SearchRetrieveBasePerson searchClient = getSearchService()
>                       .getSearchRetrieveBasePersonPort();
>               HTTPConduit http = (HTTPConduit) client.getConduit();
>               HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
>               httpClientPolicy.setConnectionTimeout(1 * 90 * 1000);
>               httpClientPolicy.setAllowChunking(false);
>               httpClientPolicy.setReceiveTimeout(3 * 60 * 1000);
>               http.setClient(httpClientPolicy);
>               BindingProvider bp = (BindingProvider) searchClient;
>               bp.getRequestContext().put("thread.local.request.context", "true");
>               bp.getRequestContext().put("use.async.http.conduit", Boolean.FALSE);
>               bp.getRequestContext().put("ws-security.username", getUsername());
>               bp.getRequestContext().put("ws-security.password", getPassword());
>               List headers = new ArrayList();
>               Header auditingHeader;
>               try {
>                       auditingHeader = new Header(new QName(
>                               "http://its.unc.edu/uncaudit", "UNCAuditHeader"),
>                               getAuditHeader(), new JAXBDataBinding(UNCAuditHeader.class));
>                       headers.add(auditingHeader);
>                       bp.getRequestContext().put(Header.HEADER_LIST, headers);
>               } catch (JAXBException e) {
>                       throw new RuntimeException(new PersonSvcClientException(
>                               "Unable to create UNCAuditHeader", e));
>               }
>               bp.getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
>                       getSearchSoapAddress());
>               return searchClient;
>       }
> Note: getSearchService() returns a singleton of the CXF-generated 
> WebServiceClient.
> If I cache the returned client and use it for subsequent requests, i.e., 
> use it as a singleton, each request adds an additional UsernameToken to 
> the request. Here is the SOAP request on the 4th request. As you can see, 
> there are four UsernameTokens added to the Security header. I wonder if this 
> is a bug or if I have done something improperly?
> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
>       <soap:Header>
>               <OrgAuditHeader xmlns="http://my.org/audit">
>                       <clientIP>0.0.0.0</clientIP>
>                       <requestedByUser>foo</requestedByUser>
>                       <requestedBySystem>BAR</requestedBySystem>
>               </OrgAuditHeader>
>               <wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
>                       <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-331E565D0DAEB3B94B14126847092141">
>                               <wsse:Username>SomeUserName</wsse:Username>
>                               <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">SomePassword</wsse:Password>
>                       </wsse:UsernameToken>
>                       <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-331E565D0DAEB3B94B14126847116982">
>                               <wsse:Username>SomeUserName</wsse:Username>
>                               <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">SomePassword</wsse:Password>
>                       </wsse:UsernameToken>
>                       <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-331E565D0DAEB3B94B14126847116983">
>                               <wsse:Username>SomeUserName</wsse:Username>
>                               <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">SomePassword</wsse:Password>
>                       </wsse:UsernameToken>
>                       <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-331E565D0DAEB3B94B14126847116984">
>                               <wsse:Username>SomeUserName</wsse:Username>
>                               <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">SomePassword</wsse:Password>
>                       </wsse:UsernameToken>
>               </wsse:Security>
>       </soap:Header>
>       <soap:Body>
>               <searchRetrieveBasePersonProcessRequest xmlns="http://my.org/common/Person/searchRetrieveBasePerson" xmlns:ns2="http://my.org/common/Person/core/1.6" xmlns:ns3="http://my.org/common/Person/fault" xmlns:ns4="http://my.org/audit">
>                       <PID>1234567</PID>
>               </searchRetrieveBasePersonProcessRequest>
>       </soap:Body>
> </soap:Envelope>



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
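
A check that could back the test-case requested in this thread, as an added example (not part of the original messages and not CXF code): it parses a serialized SOAP request with the JDK's DOM parser and counts the wsse:UsernameToken elements under the Security header, so a request carrying more than one is flagged. The class name, method names and the sample envelope are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class UsernameTokenCount {
    static final String SOAP = "http://schemas.xmlsoap.org/soap/envelope/";
    static final String WSSE =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

    // Counts wsse:UsernameToken elements inside every wsse:Security header of the envelope.
    static int countUsernameTokens(String envelopeXml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        // Captured wire data is untrusted input: reject DOCTYPEs so no entities are resolved.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        DocumentBuilder db = dbf.newDocumentBuilder();
        Document doc = db.parse(
            new ByteArrayInputStream(envelopeXml.getBytes(StandardCharsets.UTF_8)));
        int count = 0;
        NodeList headers = doc.getElementsByTagNameNS(WSSE, "Security");
        for (int i = 0; i < headers.getLength(); i++) {
            Element security = (Element) headers.item(i);
            count += security.getElementsByTagNameNS(WSSE, "UsernameToken").getLength();
        }
        return count;
    }

    // Constructed sample: same shape as the reported request, with n tokens and placeholder values.
    static String sampleEnvelope(int n) {
        StringBuilder sb = new StringBuilder();
        sb.append("<soap:Envelope xmlns:soap=\"").append(SOAP).append("\"><soap:Header>")
          .append("<wsse:Security xmlns:wsse=\"").append(WSSE).append("\">");
        for (int i = 0; i < n; i++) {
            sb.append("<wsse:UsernameToken><wsse:Username>SomeUserName</wsse:Username>")
              .append("<wsse:Password>SomePassword</wsse:Password></wsse:UsernameToken>");
        }
        return sb.append("</wsse:Security></soap:Header><soap:Body/></soap:Envelope>").toString();
    }

    public static void main(String[] args) throws Exception {
        for (int n : new int[] {1, 4}) {   // first request vs. the reported 4th request
            int found = countUsernameTokens(sampleEnvelope(n));
            System.out.println(found + " UsernameToken(s): " + (found == 1 ? "ok" : "DUPLICATE TOKENS"));
        }
    }
}
```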
