Hi Kiren,
sorry for a delay.
is the actual security context is returned as null or it does not report
a user principal ?
If it is the latter then it would explain it, the default
SecurityContext is set at the HTTP transport level which is bypassed in
the local case.
What you can do though is to register a pre-matching
ContainerRequestFilter and set a custom SecurityContext from there; the
filter has the access to UriInfo, so you can check if the address is not
http-based and then set a custom context to cover the local path...
HTH
Sergey
On 04/05/15 16:17, Kiren Pillay wrote:
Hi All,
I have a Webclient in one application calling a local endpoint of another
application in the same container.
It seems that the security context is being lost in the local call. Is
there a way to preserve the Security Context?
//Working
1. WebClient localClient = WebClient.create(
"http://localhost:8080/xxx/rest";, "test","test", null);
//Not working
2. WebClient localClient =
WebClient.create("local://rsservice/xxx/rest", "test", "test", null);
//Code below breaks because it depends on the security worker
SecurityUser securityUser = securityWorker
.lookupSecurityUser(messageContext.getSecurityContext());
My application config below.
<!-- local transport -->
<jaxrs:server id="localRestContainer"
address="local://rsservice/xxx/rest"
transportId="http://cxf.apache.org/transports/local";>
<jaxrs:serviceBeans>
<ref bean="service1" />
<ref bean="service2" />
</jaxrs:serviceBeans>
<jaxrs:providers>
<ref bean="jaxbProvider" />
<ref bean="xxxExceptionMapper" />
<ref bean="xxxRuntimeExceptionMapper" />
</jaxrs:providers>
Regards
Kiren
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
Blog: http://sberyozkin.blogspot.com
