Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-5423

Callbackhandlers and other resources aren't found if configured in blueprint config due to classloading issues

    XMLWordPrintableJSON

    Details

    • Estimated Complexity:
      Unknown

      Description

      Hi,

      While playing around with JAX-RS security in OSGi (following the guide at http://cxf.apache.org/docs/jax-rs-saml.html) I found that if I configure the ws-security.* props directly in blueprint none of the configured resources are found. A little debugging showed that the wrong classloader is used to load the Callbackhandlers and property files. Note this works fine for the jaxrs service but not for the jaxrs client.

      Blueprint config:

      <jaxrs:client id="bookStoreServiceClient"
      address="http://localhost:8040/services/bookStoreService"
      serviceClass="com.mycompany.demoRestServiceCommon.service.BookStore"
      inheritHeaders="true">
      <jaxrs:outInterceptors>
      <ref component-id="samlHeaderOutInterceptor"/>
      </jaxrs:outInterceptors>
      <jaxrs:properties>
      <entry key="ws-security.callback-handler"
      value="com.mycompany.demoRestServiceConsumer.PasswordCallbackHandler"/>
      <entry key="ws-security.saml-callback-handler"
      value="com.mycompany.demoRestServiceConsumer.SamlCallbackHandler"/>
      <entry key="ws-security.signature.username" value="client"/>
      <entry key="ws-security.signature.properties" value="clientKeystore.properties"/>
      </jaxrs:properties>
      </jaxrs:client>

      <bean id="samlHeaderOutInterceptor" class="com.mycompany.demoRestServiceConsumer.SamlOutInterceptor"/>

      I've overridden the SAMLHeaderOutInterceptor to show the problem and what needs to be done somewhere to fix it:

      public class SamlOutInterceptor extends SamlHeaderOutInterceptor {

      @Override
      public void handleMessage(Message message) throws Fault {
      ClassLoader classLoader = message.getExchange().getBus().getExtension(ClassLoader.class);
      ClassLoader tccl = Thread.currentThread().getContextClassLoader();
      try {
      if (classLoader != null)

      { Thread.currentThread().setContextClassLoader(classLoader); }

      I've implemented a hack
      super.handleMessage(message);
      } finally {
      //restore original classloader
      if (classLoader != null)

      { Thread.currentThread().setContextClassLoader(tccl); }

      }
      }
      }

        Attachments

          Activity

            People

            • Assignee:
              sergey_beryozkin Sergey Beryozkin
              Reporter:
              giger Marc Giger
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: