SecurityContext does not clear the credentials of a SOAP-Gateway in FSW

Solution Unverified - Updated -


  • SecurityContext does not clear the credentials of a SOAP-Gateway. Consecutive calls to the gateway add the credentials of each call. If we want to extract the credentials later in the exchange we get wrong(previously added) credentials.
    Cause: SecurityContext is a InheritableThreadLocal, so the object is reused for each call with the same thread (http thread).

  • Credentials in the SecurityContext should be empty on each call of the InboundHandler (SOAP).

  • The problem is a result of a misbehavior of the class org.switchyard.handlers.SecurityHandler.
    The SecurityHandler handles the lifecycle of the SecurityContext. and is responsible for cleaning up the credentials. This is not handled correctly.


  • Red Hat JBoss Fuse Service Works (FSW)
    • 6.0.0

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content