Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SpringPlainTextPasswordValidationCallbackHandler [SWS-805] #885

Closed
gregturn opened this issue Oct 21, 2012 · 4 comments
Closed

SpringPlainTextPasswordValidationCallbackHandler [SWS-805] #885

gregturn opened this issue Oct 21, 2012 · 4 comments
Assignees

Comments

@gregturn
Copy link
Member

@gregturn gregturn commented Oct 21, 2012

Benjamin Morgan opened SWS-805 and commented

The wss4j plain text password validation callback handler (org.springframework.ws.soap.security.wss4j.callback.SpringPlainTextPasswordValidationCallbackHandler) has been removed from the latest production version - 2.1.1

It appears to have been deleted in the unreleased tag 2.0.6 but is still referenced in the reference documentation. This class is also missing from trunk in svn.

Has this functionality been replaced and the documentation requires updating or is this an oversight?

I discovered this when upgrading to the latest version of spring ws.

For reference here are the urls:

2.0.5 svn - https://src.springframework.org/svn/spring-ws/tags/spring-ws-2.0.5.RELEASE/security/src/main/java/org/springframework/ws/soap/security/wss4j/callback/SpringPlainTextPasswordValidationCallbackHandler.java

Reference documentation - http://static.springsource.org/spring-ws/site/reference/html/security.html#security-wss4j-security-interceptor


Affects: 2.1.1

Referenced from: commits d7ed005

@gregturn
Copy link
Member Author

@gregturn gregturn commented Nov 5, 2012

Arjen Poutsma commented

As stated in the release notes, the SpringDigestPasswordValidationCallbackHandler and SpringPlainTestPasswordValidationCallbackHandler have been merged into SpringSecurityPasswordValidationCallbackHandler, which works the same way as the SpringDigestPasswordValidationCallbackHandler (i.e. supply it with a UserDetailsService).

@gregturn
Copy link
Member Author

@gregturn gregturn commented Nov 5, 2012

Benjamin Morgan commented

Thanks Arjen,

The documentation still seems to be out of date:

http://static.springsource.org/spring-ws/site/reference/html/security.html#security-wss4j-security-interceptor

It now has the right class in the sample configuration but the sample configuration still shows an AuthenticationManager. The SpringPlainTextPasswordValidationCallbackHandler only has a user details service not AuthenticationManager.

<beans>
<bean id="springSecurityHandler"
class="org.springframework.ws.soap.security.wss4j.callback.SpringPlainTextPasswordValidationCallbackHandler">
<property name="authenticationManager" ref="authenticationManager"/>
</bean>
<bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
<property name="providers">
<bean class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
<property name="userDetailsService" ref="userDetailsService"/>
</bean>
</property>
</bean>
<bean id="userDetailsService" class="com.mycompany.app.dao.UserDetailService" />
...
</beans>

@gregturn
Copy link
Member Author

@gregturn gregturn commented Nov 6, 2012

Arjen Poutsma commented

You're right, I'll correct the documentation right now.

@gregturn
Copy link
Member Author

@gregturn gregturn commented Nov 6, 2012

Arjen Poutsma commented

Fixed!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants
You can’t perform that action at this time.