Details

    • Type: Task
    • Status: Closed
    • Priority: Major
    • Resolution: Complete
    • Affects Version/s: None
    • Fix Version/s: 2.0 M2
    • Component/s: None
    • Labels:
      None

      Description

      I'd like to upgrade to spring security 3.0.0.M1, but spring ws security does not have support for it yet.

        Issue Links

          Activity

          Hide
          npadgett Nick Padgett added a comment -

          Spring 3.0.0.RC1 now.

          Show
          npadgett Nick Padgett added a comment - Spring 3.0.0.RC1 now.
          Hide
          npadgett Nick Padgett added a comment -

          Spring Security 3.0.2 is now out.

          Show
          npadgett Nick Padgett added a comment - Spring Security 3.0.2 is now out.
          Hide
          olo Aleksander Adamowski added a comment -

          Here's a patch that does most of the trivial work updating artifact version numbers in POMs and class FQDNs in sources.

          There's still the non trivial issue stemming from the fact that the deprecated class X509AuthenticationToken was in use and it has been removed in 3.0:

          [INFO] -------------------------------------------------------------
          [ERROR] COMPILATION ERROR :
          [INFO] -------------------------------------------------------------
          [ERROR] spring-ws/trunk/security/src/main/java/org/springframework/ws/soap/security/xwss/callback/SpringCertificateValidationCallbackHandler.java:[31,50] package org.springframework.security.providers.x509 does not exist

          [ERROR] spring-ws/trunk/security/src/main/java/org/springframework/ws/soap/security/xwss/callback/SpringCertificateValidationCallbackHandler.java:[99,63] cannot find symbol
          symbol : class X509AuthenticationToken
          location: class org.springframework.ws.soap.security.xwss.callback.SpringCertificateValidationCallbackHandler.SpringSecurityCertificateValidator

          [INFO] 2 errors
          [INFO] -------------------------------------------------------------
          [INFO] ------------------------------------------------------------------------
          [ERROR] BUILD FAILURE
          [INFO] ------------------------------------------------------------------------
          [INFO] Compilation failure

          spring-ws/trunk/security/src/main/java/org/springframework/ws/soap/security/xwss/callback/SpringCertificateValidationCallbackHandler.java:[31,50] package org.springframework.security.providers.x509 does not exist

          spring-ws/trunk/security/src/main/java/org/springframework/ws/soap/security/xwss/callback/SpringCertificateValidationCallbackHandler.java:[99,63] cannot find symbol
          symbol : class X509AuthenticationToken
          location: class org.springframework.ws.soap.security.xwss.callback.SpringCertificateValidationCallbackHandler.SpringSecurityCertificateValidator

          Show
          olo Aleksander Adamowski added a comment - Here's a patch that does most of the trivial work updating artifact version numbers in POMs and class FQDNs in sources. There's still the non trivial issue stemming from the fact that the deprecated class X509AuthenticationToken was in use and it has been removed in 3.0: [INFO] ------------------------------------------------------------- [ERROR] COMPILATION ERROR : [INFO] ------------------------------------------------------------- [ERROR] spring-ws/trunk/security/src/main/java/org/springframework/ws/soap/security/xwss/callback/SpringCertificateValidationCallbackHandler.java: [31,50] package org.springframework.security.providers.x509 does not exist [ERROR] spring-ws/trunk/security/src/main/java/org/springframework/ws/soap/security/xwss/callback/SpringCertificateValidationCallbackHandler.java: [99,63] cannot find symbol symbol : class X509AuthenticationToken location: class org.springframework.ws.soap.security.xwss.callback.SpringCertificateValidationCallbackHandler.SpringSecurityCertificateValidator [INFO] 2 errors [INFO] ------------------------------------------------------------- [INFO] ------------------------------------------------------------------------ [ERROR] BUILD FAILURE [INFO] ------------------------------------------------------------------------ [INFO] Compilation failure spring-ws/trunk/security/src/main/java/org/springframework/ws/soap/security/xwss/callback/SpringCertificateValidationCallbackHandler.java: [31,50] package org.springframework.security.providers.x509 does not exist spring-ws/trunk/security/src/main/java/org/springframework/ws/soap/security/xwss/callback/SpringCertificateValidationCallbackHandler.java: [99,63] cannot find symbol symbol : class X509AuthenticationToken location: class org.springframework.ws.soap.security.xwss.callback.SpringCertificateValidationCallbackHandler.SpringSecurityCertificateValidator
          Hide
          olo Aleksander Adamowski added a comment -

          BTW, most of the hard work on updating class FQDNs has been done using the Spring API Updater script: http://code.google.com/p/spring-api-updater/

          You might find it useful in other migrations to Spring 3.0 and possibly contribute enhancements to it.

          Show
          olo Aleksander Adamowski added a comment - BTW, most of the hard work on updating class FQDNs has been done using the Spring API Updater script: http://code.google.com/p/spring-api-updater/ You might find it useful in other migrations to Spring 3.0 and possibly contribute enhancements to it.
          Hide
          arjen.poutsma Arjen Poutsma added a comment -

          Thanks! I really appreciate it.

          We will take a look at the X509AuthenticationToken issue for 2.0 M2.

          Show
          arjen.poutsma Arjen Poutsma added a comment - Thanks! I really appreciate it. We will take a look at the X509AuthenticationToken issue for 2.0 M2.
          Hide
          olo Aleksander Adamowski added a comment -

          This is how I understand the X509AuthenticationToken issue:

          1) X509AuthenticationToken and the whole org.acegisecurity.providers.x509 has been deprecated in Spring 2.0, probably because the only significant consumer of their API was Spring-WS (at least, Google Code Search doesn't find any others),
          2) The replacement, X509AuthenticationFilter seems to be built around the servlet infrastructure and seems to assume that we're dealing with HTTPS - which is not the case in Spring-WS:

              private X509Certificate extractClientCertificate(HttpServletRequest request) {
                X509Certificate[] certs = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");

          3) Spring-WS still needs X509AuthenticationToken ot a substitute thereof for its proper operation.

          From 1, 2 and 3 it seems to me that X509AuthenticationToken code should not be thrown out, but should find its new home in the sources of Spring-WS, which have been its sole consumer to date.

          Show
          olo Aleksander Adamowski added a comment - This is how I understand the X509AuthenticationToken issue: 1) X509AuthenticationToken and the whole org.acegisecurity.providers.x509 has been deprecated in Spring 2.0, probably because the only significant consumer of their API was Spring-WS (at least, Google Code Search doesn't find any others), 2) The replacement, X509AuthenticationFilter seems to be built around the servlet infrastructure and seems to assume that we're dealing with HTTPS - which is not the case in Spring-WS: private X509Certificate extractClientCertificate(HttpServletRequest request) { X509Certificate[] certs = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate"); 3) Spring-WS still needs X509AuthenticationToken ot a substitute thereof for its proper operation. From 1, 2 and 3 it seems to me that X509AuthenticationToken code should not be thrown out, but should find its new home in the sources of Spring-WS, which have been its sole consumer to date.
          Hide
          olo Aleksander Adamowski added a comment -

          Attaching a patch with the X.509 classes from Spring Security 2 migrated into Spring-WS 2.

          This version of Spring-WS 2 makes my Spring-WS 1.5 application that employs WS-Security with certificates work again.

          Show
          olo Aleksander Adamowski added a comment - Attaching a patch with the X.509 classes from Spring Security 2 migrated into Spring-WS 2. This version of Spring-WS 2 makes my Spring-WS 1.5 application that employs WS-Security with certificates work again.
          Hide
          tareq Tareq Abedrabbo added a comment -

          Done. Thanks for the patch!

          Show
          tareq Tareq Abedrabbo added a comment - Done. Thanks for the patch!
          Hide
          arjen.poutsma Arjen Poutsma added a comment -

          Closing old issues

          Show
          arjen.poutsma Arjen Poutsma added a comment - Closing old issues

            People

            • Assignee:
              tareq Tareq Abedrabbo
              Reporter:
              npadgett Nick Padgett
            • Votes:
              12 Vote for this issue
              Watchers:
              12 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: