Uploaded image for project: 'Spring Web Services'
  1. Spring Web Services
  2. SWS-52

ACEGI authorization with IssuerSerial-based certificates

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Won't Fix
    • Affects Version/s: 1.0 M2
    • Fix Version/s: 1.0 M3
    • Component/s: None
    • Labels:
      None

      Description

      It is not possible to perform ACEGI certificate-based processing in Spring-WS (1.0 M2) when the certificate is not embedded in the header of the SOAP message.

      When a certificate is embedded in a message, only CertificateValidationCallbacks are passed to the callback handlers. When a certificate is not embedded in the message (i.e., IssuerSerial reference), only SignatureVerificationKeyCallbacks are passed to the handlers. The KeyStoreCallbackHandler understands this one, and it does its job just fine: the certificate is found if already known to the server. The problem is that the ACEGI handler (AcegiCertificateValidationCallbackHandler) is not invoked, since it only understands the CertificateValidationCallback. So there is no way to configure the ACEGI security context unless the certificate is embedded in the message.

      Possible solutions:

      • Modify AcegiCertificateValidationCallbackHandler to also process SignatureVerificationKeyCallback
      • Create and use a new handler to perform ACEGI processing that accepts SignatureVerificationKeyCallback
      • Somehow cause XWSS to fire off a CertificateValidationCallback when the certificate is IssuerSerial

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                arjen.poutsma Arjen Poutsma
                Reporter:
                wlsmith Wayne L. Smith
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: