Spring Security
  1. Spring Security
  2. SEC-1032

x509 namespace configuration does not work in OSGi

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Won't Fix
    • Affects Version/s: 2.0.4
    • Fix Version/s: 3.0.0 M1
    • Component/s: Namespace
    • Labels:
      None
    • Environment:
      Windows 2003, Java 6, Spring DM, Spring 2.5.5, Security 2.0.0 bundles from spring source repository

      Description

      We have two bundles,

      1. security-config
      2. UI

      The security-config creates the authentication manager and exports the _authenticationManager as a <osgi:service>
      The UI code imports the authentication manager using <osgi:reference> and sets up the <http> .. <x509> </http>

      Since the authManager is a osgi service, it is wrapped up in a osgi service proxy bean.

      The following piece of code in ConfigUtils.java,

      [code]
      if(parserContext.getRegistry().containsBeanDefinition(BeanIds.AUTHENTICATION_MANAGER))

      { return parserContext.getRegistry().getBeanDefinition(BeanIds.AUTHENTICATION_MANAGER); }

      [/code]

      retrieves the authManager and returns the BeanDefinition where the definition is for the proxy.

      [code]
      authManager.getPropertyValues().getPropertyValue("providers").getValue();
      [/code]
      and tries to retreive the providers property which is not available in the proxy and fails with 'NullPointerException'.

      Using spring security with regular <bean> format works fine.

        Activity

        Hide
        Luke Taylor added a comment -

        I don't really see any way round this - the namespace relies on the GUI authentication mechanism elements being able to modify the list of providers being maintained by the ProviderManager. If you choose to split the AuthenticationManager and the web security contexts into separate bundles then, as you say, all that is visible is the service interface, so that won't work. I think if you want to do that you'll just have to fall back to conventional bean syntax where necessary.

        Show
        Luke Taylor added a comment - I don't really see any way round this - the namespace relies on the GUI authentication mechanism elements being able to modify the list of providers being maintained by the ProviderManager. If you choose to split the AuthenticationManager and the web security contexts into separate bundles then, as you say, all that is visible is the service interface, so that won't work. I think if you want to do that you'll just have to fall back to conventional bean syntax where necessary.
        Hide
        Luke Taylor added a comment -

        Closing as "won't fix". If someone can come up with a suitable workaround/patch then please submit anew issue.

        Show
        Luke Taylor added a comment - Closing as "won't fix". If someone can come up with a suitable workaround/patch then please submit anew issue.

          People

          • Assignee:
            Luke Taylor
            Reporter:
            Saravanan Bellan
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: