Hi all-
I’m working on a project that has recently been migrated to Java 11, and uses jaxws-rt-2.3.2 for SOAP communication.
With Java 8, we had a workaround for the JDK bug here: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6626700
The default Authenticator (global) was caching credentials,
and we used this code to clear it per the workaround:
AuthCacheValue.setAuthCache(new AuthCacheImpl());
This is no longer a viable option with Java 11, as the
setAuthCache() API is no longer visible or available.
JDK 9+ has added a method to java.net.HttpURLConnection,
setAuthenticator, which we believe will allow us to use our custom
Authenticator instead of the default. [ https://bugs.openjdk.java.net/browse/JDK-4303463]
We’re using jaxws-rt, and we see that there is no way for us
to access the HttpURLConnection from outside the library, so I am looking at
forking and modifying your library code. Specifically, adding code to
HttpClientTransport::createHttpConnection like this:
Authenticator auth =
(Authenticator)context.invocationProperties.get(BindingProviderProperties.CUSTOM_AUTHENTICATOR);
if (auth != null) {
httpConnection.setAuthenticator(auth);
}
where CUSTOM_AUTHENICATOR points to our Authenticator
implementation.
And now to my many questions:
1) Does
this seem like a sound approach, or have any of you encountered this issue and
solved it in a different way?
2) I’ve
used Git/Eclipse to download the source code and build with Maven. But, I run
into compatibility issues because the setAuthenticator() method is JDK9+ and it
looks like the base.java.level of the parent .pom is 8, so the compilation fails
with unknown symbol. I tried to up base to jdk 9, but then the code fails to
compile with other compatibility errors. Is there a way to achieve my goal of
adding this code?
3) If
1 and/or 2 are viable options, what are the licensing ramifications of using a
modified version of the library? We’ve never done this before, so that is
unclear to us.
Thanks for any input/advice,
Nancy Bosecker