Join GitHub today
SEC-2703: ChannelSecurityInterceptor should use ThreadLocal for InterceptorStatusToken #2928
I am running into a problem on how best to support around advice with ChannelInterceptor. Right now I have something like:
The problem is that the postSend needs to perform some cleanup based upon actions taken in the preSend. Right now I am returning a custom Message implementation that can be used to perform the cleanup. As I see it this may have a few problems.
One alternative would be to place the token in the header. However, it has some of the same problems since I would have to create a new Message instance (headers is immutable). More importantly, I worry about doing that since headers can be written to by the client which may expose some exploits.