SecurityContext does not clear the credentials of a SOAP-Gateway in FSW
SecurityContext does not clear the credentials of a SOAP-Gateway. Consecutive calls to the gateway add the credentials of each call. If we want to extract the credentials later in the exchange, we get the wrong (previously added) credentials.
Cause: SecurityContext is an InheritableThreadLocal, so the object is reused for each call on the same thread (HTTP thread).
Credentials in the SecurityContext should be empty on each call of the InboundHandler (SOAP).
The problem is a result of a misbehavior of the class SecurityHandler, which handles the lifecycle of the SecurityContext and is responsible for cleaning up the credentials. This is not handled correctly.
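The thread reuse described above can be reproduced outside FSW. The following Java sketch is an added example, not FSW or Red Hat code: the class, the `CONTEXT` field, `handle()` and the credential strings are hypothetical, and a single-thread executor stands in for the pooled HTTP thread. It compares a handler that leaves the thread-local state in place with one that removes it in a `finally` block before the thread goes back to the pool.

```java
import java.util.*;
import java.util.concurrent.*;

// Added illustration; all names here are hypothetical, not FSW classes.
public class ThreadLocalCredentialLeak {
    // Stand-in for a per-thread security context holding a credential set.
    static final InheritableThreadLocal<Set<String>> CONTEXT =
        new InheritableThreadLocal<Set<String>>() {
            @Override protected Set<String> initialValue() { return new LinkedHashSet<>(); }
        };

    // Simulates one inbound SOAP call: adds the caller's credential,
    // then returns a snapshot of what later steps of the exchange would read.
    static Set<String> handle(String credential, boolean clearAfterCall) {
        try {
            CONTEXT.get().add(credential);
            return new LinkedHashSet<>(CONTEXT.get());
        } finally {
            if (clearAfterCall) {
                CONTEXT.remove(); // drop per-call state before the thread is reused
            }
        }
    }

    // Sends two calls with different credentials through one reused worker thread.
    static List<Set<String>> run(boolean clearAfterCall) throws Exception {
        ExecutorService worker = Executors.newSingleThreadExecutor();
        try {
            List<Set<String>> seen = new ArrayList<>();
            // Constructed sample credentials.
            for (String cred : new String[] {"alice:token-A", "bob:token-B"}) {
                seen.add(worker.submit(() -> handle(cred, clearAfterCall)).get());
            }
            return seen;
        } finally {
            worker.shutdown();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("no cleanup:   " + run(false));
        System.out.println("with cleanup: " + run(true));
    }
}
```

Without cleanup, the second call's snapshot contains the first caller's credential as well as its own; with cleanup, each call sees only its own.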
- Red Hat JBoss Fuse Service Works (FSW)