Details

    • Type: Task
    • Status: Closed
    • Priority: Major
    • Resolution: Complete
    • Affects Version/s: None
    • Fix Version/s: 2.0 M2
    • Component/s: None
    • Labels:
      None

      Description

      I'd like to upgrade to spring security 3.0.0.M1, but spring ws security does not have support for it yet.

        Issue Links

          Activity

          npadgett Nick Padgett created issue -
          Hide
          npadgett Nick Padgett added a comment -

          Spring 3.0.0.RC1 now.

          Show
          npadgett Nick Padgett added a comment - Spring 3.0.0.RC1 now.
          arjen.poutsma Arjen Poutsma made changes -
          Field Original Value New Value
          Fix Version/s 2.0 [ 10981 ]
          Hide
          npadgett Nick Padgett added a comment -

          Spring Security 3.0.2 is now out.

          Show
          npadgett Nick Padgett added a comment - Spring Security 3.0.2 is now out.
          arjen.poutsma Arjen Poutsma made changes -
          Fix Version/s 2.0 GA [ 10981 ]
          Fix Version/s 2.0 M2 [ 11390 ]
          Assignee Arjen Poutsma [ arjen.poutsma ] Tareq Abedrabbo [ tareq ]
          arjen.poutsma Arjen Poutsma made changes -
          Link This issue is duplicated by SWS-606 [ SWS-606 ]
          Hide
          olo Aleksander Adamowski added a comment -

          Here's a patch that does most of the trivial work updating artifact version numbers in POMs and class FQDNs in sources.

          There's still the non trivial issue stemming from the fact that the deprecated class X509AuthenticationToken was in use and it has been removed in 3.0:

          [INFO] -------------------------------------------------------------
          [ERROR] COMPILATION ERROR :
          [INFO] -------------------------------------------------------------
          [ERROR] spring-ws/trunk/security/src/main/java/org/springframework/ws/soap/security/xwss/callback/SpringCertificateValidationCallbackHandler.java:[31,50] package org.springframework.security.providers.x509 does not exist

          [ERROR] spring-ws/trunk/security/src/main/java/org/springframework/ws/soap/security/xwss/callback/SpringCertificateValidationCallbackHandler.java:[99,63] cannot find symbol
          symbol : class X509AuthenticationToken
          location: class org.springframework.ws.soap.security.xwss.callback.SpringCertificateValidationCallbackHandler.SpringSecurityCertificateValidator

          [INFO] 2 errors
          [INFO] -------------------------------------------------------------
          [INFO] ------------------------------------------------------------------------
          [ERROR] BUILD FAILURE
          [INFO] ------------------------------------------------------------------------
          [INFO] Compilation failure

          spring-ws/trunk/security/src/main/java/org/springframework/ws/soap/security/xwss/callback/SpringCertificateValidationCallbackHandler.java:[31,50] package org.springframework.security.providers.x509 does not exist

          spring-ws/trunk/security/src/main/java/org/springframework/ws/soap/security/xwss/callback/SpringCertificateValidationCallbackHandler.java:[99,63] cannot find symbol
          symbol : class X509AuthenticationToken
          location: class org.springframework.ws.soap.security.xwss.callback.SpringCertificateValidationCallbackHandler.SpringSecurityCertificateValidator

          Show
          olo Aleksander Adamowski added a comment - Here's a patch that does most of the trivial work updating artifact version numbers in POMs and class FQDNs in sources. There's still the non trivial issue stemming from the fact that the deprecated class X509AuthenticationToken was in use and it has been removed in 3.0: [INFO] ------------------------------------------------------------- [ERROR] COMPILATION ERROR : [INFO] ------------------------------------------------------------- [ERROR] spring-ws/trunk/security/src/main/java/org/springframework/ws/soap/security/xwss/callback/SpringCertificateValidationCallbackHandler.java: [31,50] package org.springframework.security.providers.x509 does not exist [ERROR] spring-ws/trunk/security/src/main/java/org/springframework/ws/soap/security/xwss/callback/SpringCertificateValidationCallbackHandler.java: [99,63] cannot find symbol symbol : class X509AuthenticationToken location: class org.springframework.ws.soap.security.xwss.callback.SpringCertificateValidationCallbackHandler.SpringSecurityCertificateValidator [INFO] 2 errors [INFO] ------------------------------------------------------------- [INFO] ------------------------------------------------------------------------ [ERROR] BUILD FAILURE [INFO] ------------------------------------------------------------------------ [INFO] Compilation failure spring-ws/trunk/security/src/main/java/org/springframework/ws/soap/security/xwss/callback/SpringCertificateValidationCallbackHandler.java: [31,50] package org.springframework.security.providers.x509 does not exist spring-ws/trunk/security/src/main/java/org/springframework/ws/soap/security/xwss/callback/SpringCertificateValidationCallbackHandler.java: [99,63] cannot find symbol symbol : class X509AuthenticationToken location: class org.springframework.ws.soap.security.xwss.callback.SpringCertificateValidationCallbackHandler.SpringSecurityCertificateValidator
          olo Aleksander Adamowski made changes -
          Hide
          olo Aleksander Adamowski added a comment -

          BTW, most of the hard work on updating class FQDNs has been done using the Spring API Updater script: http://code.google.com/p/spring-api-updater/

          You might find it useful in other migrations to Spring 3.0 and possibly contribute enhancements to it.

          Show
          olo Aleksander Adamowski added a comment - BTW, most of the hard work on updating class FQDNs has been done using the Spring API Updater script: http://code.google.com/p/spring-api-updater/ You might find it useful in other migrations to Spring 3.0 and possibly contribute enhancements to it.
          Hide
          arjen.poutsma Arjen Poutsma added a comment -

          Thanks! I really appreciate it.

          We will take a look at the X509AuthenticationToken issue for 2.0 M2.

          Show
          arjen.poutsma Arjen Poutsma added a comment - Thanks! I really appreciate it. We will take a look at the X509AuthenticationToken issue for 2.0 M2.
          Hide
          olo Aleksander Adamowski added a comment -

          This is how I understand the X509AuthenticationToken issue:

          1) X509AuthenticationToken and the whole org.acegisecurity.providers.x509 has been deprecated in Spring 2.0, probably because the only significant consumer of their API was Spring-WS (at least, Google Code Search doesn't find any others),
          2) The replacement, X509AuthenticationFilter seems to be built around the servlet infrastructure and seems to assume that we're dealing with HTTPS - which is not the case in Spring-WS:

              private X509Certificate extractClientCertificate(HttpServletRequest request) {
                X509Certificate[] certs = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");

          3) Spring-WS still needs X509AuthenticationToken ot a substitute thereof for its proper operation.

          From 1, 2 and 3 it seems to me that X509AuthenticationToken code should not be thrown out, but should find its new home in the sources of Spring-WS, which have been its sole consumer to date.

          Show
          olo Aleksander Adamowski added a comment - This is how I understand the X509AuthenticationToken issue: 1) X509AuthenticationToken and the whole org.acegisecurity.providers.x509 has been deprecated in Spring 2.0, probably because the only significant consumer of their API was Spring-WS (at least, Google Code Search doesn't find any others), 2) The replacement, X509AuthenticationFilter seems to be built around the servlet infrastructure and seems to assume that we're dealing with HTTPS - which is not the case in Spring-WS: private X509Certificate extractClientCertificate(HttpServletRequest request) { X509Certificate[] certs = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate"); 3) Spring-WS still needs X509AuthenticationToken ot a substitute thereof for its proper operation. From 1, 2 and 3 it seems to me that X509AuthenticationToken code should not be thrown out, but should find its new home in the sources of Spring-WS, which have been its sole consumer to date.
          arjen.poutsma Arjen Poutsma made changes -
          Link This issue is duplicated by SWS-611 [ SWS-611 ]
          Hide
          olo Aleksander Adamowski added a comment -

          Attaching a patch with the X.509 classes from Spring Security 2 migrated into Spring-WS 2.

          This version of Spring-WS 2 makes my Spring-WS 1.5 application that employs WS-Security with certificates work again.

          Show
          olo Aleksander Adamowski added a comment - Attaching a patch with the X.509 classes from Spring Security 2 migrated into Spring-WS 2. This version of Spring-WS 2 makes my Spring-WS 1.5 application that employs WS-Security with certificates work again.
          olo Aleksander Adamowski made changes -
          tareq Tareq Abedrabbo made changes -
          Summary Add Spring Security 3.0.0.M1 Support for Spring WS Security Upgrade Spring Security to 3.0.2
          Hide
          tareq Tareq Abedrabbo added a comment -

          Done. Thanks for the patch!

          Show
          tareq Tareq Abedrabbo added a comment - Done. Thanks for the patch!
          tareq Tareq Abedrabbo made changes -
          Resolution Complete [ 8 ]
          Status Open [ 1 ] Resolved [ 5 ]
          Hide
          arjen.poutsma Arjen Poutsma added a comment -

          Closing old issues

          Show
          arjen.poutsma Arjen Poutsma added a comment - Closing old issues
          arjen.poutsma Arjen Poutsma made changes -
          Status Resolved [ 5 ] Closed [ 6 ]
          Transition Time In Source Status Execution Times Last Executer Last Execution Date
          Open Open Resolved Resolved
          265d 15h 10m 1 Tareq Abedrabbo 19/May/10 9:25 PM
          Resolved Resolved Closed Closed
          715d 9h 38m 1 Arjen Poutsma 04/May/12 7:03 AM

            People

            • Assignee:
              tareq Tareq Abedrabbo
              Reporter:
              npadgett Nick Padgett
            • Votes:
              12 Vote for this issue
              Watchers:
              12 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: