JAX-WS Client inside Wildfly - Reuses previous basic authentication

[eng.dan...@gmail.com]

I'm facing an issue on a server running wildfly 16 final.

On this server i have an EJB that invokes a public webservice secured with basic authentication.
This web service is called several times during the day with various credentials according to application business logic.
The web service client (jax-ws client) was generated with wsimport.
After some time (not sure what triggers this issue) the client ignores the credentials that i provide in the code and reuses a previous credential.

Example of my code:

public String invokeService(String username, String password, String endpoint) {
MyService service = new MyService(new AddressingFeature(false));
MyServicePort port = service.getPort();

BindingProvider prov = (BindingProvider) port;
Map<String, Object> context = prov.getRequestContext();
context.put(BindingProvider.USERNAME_PROPERTY, username);
context.put(BindingProvider.PASSWORD_PROPERTY, password);
context.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, endpoint);

String result = port.getSomeInformation();
((Closeable) port).close();

return result;
}

On my standalone.xml, i added

<property name="org.apache.cxf.logging.enabled" value="true"/>

And the funny thing is that on server log, i see the username and password that i provided to my invokeService method.

14:44:20,311 INFO  [org.apache.cxf.services.xxx.REQ_OUT] (default task-8078) REQ_OUT
    Address: https://endpoint
    HttpMethod: POST
    Content-Type: text/xml
    ExchangeId: xxx
    ServiceName: xxx
    PortName: xxx
    PortTypeName: xxx
    Headers: {Authorization=Basic <username:password base64 encoded>, SOAPAction="", Accept=*/*, Connection=close}

But, when i activate wireshark to monitor network packets, i verified that the Authorization header is different from the one logged by CXF.

With the help of Alessio Soldano, i checked this https://docs.jboss.org/author/display/WFLY/Apache%20CXF%20integration.html
and tried to change Bus selection strategies adding to my standalone.xml

<property name="org.jboss.ws.cxf.jaxws-client.bus.strategy" value="NEW_BUS"/> but without success.

I also tried to change my code:

public String invokeService(String username, String password, String endpoint) {

Bus bus = null;

try{

bus = BusFactory.newInstance().createBus();
BusFactory.setThreadDefaultBus(bus);

MyService service = new MyService(new AddressingFeature(false));
MyServicePort port = service.getPort();

BindingProvider prov = (BindingProvider) port;
Map<String, Object> context = prov.getRequestContext();
context.put(BindingProvider.USERNAME_PROPERTY, username);
context.put(BindingProvider.PASSWORD_PROPERTY, password);
context.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, endpoint);

String result = port.getSomeInformation();
((Closeable) port).close();

return result;
}finally {
if(bus != null)
bus.shutdown(true);
}
}

But this also doesn't fix the issue. Not sure if this is a wildfly bug or apache cxf, or even something wrong with my code.

I really appreciate some help to fix this or point me in the right direction.

Thanks

[Bartosz Baranowski]

Would it be possible to reproduce/check on latest WFLY? Unless someone is running 16, I doubt anyone will dive into 4 year old server to search for possible bug that might have already been fixed.