dynamic userame in Wss4jSecurityInterceptor

[duerrt]

Hi,

Spring WS 1.5.6

We using the WebServiceGatewaySupport (1.5.6) and Wss4Jinterceptor to secure client calls. Our application is a middleware app.
and make WS calls on behalf of many clients to many different servers. Each server/service has its own username/password.

Our application needs to dynamically set a username in the Wss4Jinterceptor. We have a password callback function that resolves the password for each username.


Our relevant config is as follows:

Code:

<bean id="messageFactory" class="org.springframework.ws.soap.saaj.SaajSoapMessageFactory" />

    <bean id="omsWebServiceTemplate" class="org.springframework.ws.client.core.WebServiceTemplate">
        <constructor-arg ref="messageFactory" />
        <property name="defaultUri" value="http://example.com/WebService" />
        <property name="messageSender" ref="httpSender" />
        <property name="interceptors">
            <list>
                <ref local="wsSecurityInterceptor" />
            </list>
        </property>
    </bean>

<bean id="wsSecurityInterceptor"
        class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">
        <description>
            WSS4J uses no external configuration file; the interceptor is entirely
            configured by properties.
        </description>
        <property name="securementActions" value="UsernameToken"/>
        <property name="secureRequest" value="true"/>
        <property name="secureResponse" value="false"/>
        <property name="securementMustUnderstand" value="true"/>
        <property name="securementPasswordType" value="PasswordText"/>
        <property name="securementCallbackHandler">
            <ref local="passwordCallback"/>
        </property>
    </bean>

We're currently setting the securementusername in code like this
(This class extends WebServiceGatewaySupport) :

Code:

    
         ClientInterceptor[] ci = getWebServiceTemplate().getInterceptors();
         Wss4jSecurityInterceptor wsSec  = (Wss4jSecurityInterceptor)ci[0];
         wsSec.setSecurementUsername(userName);
         getWebServiceTemplate().setInterceptors(ci);

The problem with the above is that we have multiple threads running this code and the username is getting stomped. We're assuming there is a threading issue. Anyone else run into this?

Are we not using the WSS4j interceptor properly ? Is there another approach on how to do this ? We need to be able to dynamically specify a username for
each WS call.

Any help is much appreciated.

Thanks,
Tom

[duerrt]

In case this can help anyone else .......


Out workaround was fairly simple - we changed from singleton to prototype scope for the WebServiceGatewaySupport and Wss4Jinterceptor classes and we have the thread code instantiate each of these objects. This way each thread will have its own copy of the WebServiceGatewaySupport and Wss4Jinterceptor objects.


In the future, we may look at extending the Wss4Jinterceptor class and have it grab the username from thread local storage.

tom

[rsanghavi]

Hi Tom,

I know you posted this question and the answer long back. I am having a similar issue with my code. Can you please post an example or explain what you did (if you remember). It would be helpful.

Thank you!

-Rahul