[CXF-4052] Crypto cache issues and the PolicyBasedWSS4JInInterceptor used as a singleton - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.4.5, 2.5.2
Fix Version/s: 2.4.7, 2.5.3, 2.6
Component/s: WS-* Components
Labels:
None
Environment:

JBossWS-CXF integration, using Apache CXF 2.4.x

Estimated Complexity:
Unknown

Description

When using WS-Policy to setup WS-Security interceptors, the WSSecurityInterceptorProvider runs:

...
this.getInInterceptors().add(PolicyBasedWSS4JInInterceptor.INSTANCE);
this.getInFaultInterceptors().add(PolicyBasedWSS4JInInterceptor.INSTANCE);
...

which causes the same instance of PolicyBasedWSS4JInInterceptor to be added to any bus.
Unfortunately, the PolicyBasedWSS4JInInterceptor ends up extending org.apache.ws.security.handler.WSHandler which has a Map<String, Crypto> attribute. That is used whenever loading a Crypto instance and caches instances with keys basically given by the Merlin prop file name the user specified for the endpoint.
So, when having multiple deployments referencing properties files with the same name, the first crypto instance is always used.

If we want to keep the singleton approach on using the PolicyBasedWSS4JInInterceptor, we should probably at least use a different mechanism for creating keys so that prop files from different deployments are kept separate.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

cxf-4052.patch
26/Jan/12 11:31
6 kB
Colm O hEigeartaigh
cxf-4052-2.patch
07/Feb/12 19:41
9 kB
Colm O hEigeartaigh

Issue Links

relates to

CXF-4539 WS-Security inbound performance regression

Closed

Activity

People

Assignee:: Colm O hEigeartaigh

Reporter:: Alessio Soldano

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 23/Jan/12 15:29

Updated:: 03/Oct/12 09:16

Resolved:: 10/Feb/12 15:18