Wss4jSecurityInterceptor design [SWS-723]

[gregturn]

Pavel Král opened SWS-723 and commented

Wss4jSecurityInterceptor implementation has design restriction making it practically imposible to extend. While working on Kerberos extension in Wss4j, I have to add new properties to configure ServicePrincipalName etc. I suggest to:

• change scope from private to protected for method Wss4jSecurityInterceptor#initializeRequestData(messageContext) for ability to access ReqData custom properties or
• make Wss4jHandler public so it make sense to use generic set/getOptions in subclasses

---

Attachments:

• Wss4jSecurityInterceptor.patch (2.01 kB)

Referenced from: commits c906817

1 votes, 1 watchers

[gregturn]

Kyle Cronin commented

There is no way to get access to RequestData through any other means and therefore forced to use the default WSSConfig. Changing the scope of initializeRequestData would allow users to inject custom WSSconfig into the RequestData.

Attaching a patch where initializeRequestData is protected along with an additional enhancement to configure the WSSConfig for both the WSSecurityEngine and RequestData

[gregturn]

Pavel Král commented

Seems to be OK, will that patch be applied to the trunk ?

[gregturn]

Arjen Poutsma commented

Patch applied, thanks!

[gregturn]

Arjen Poutsma commented

Closing old issues