Uploaded image for project: 'Spring Web Services'
  1. Spring Web Services
  2. SWS-661

XwsSecurityInterceptor.processor.handler incorrect and does not match XwsSecurityInterceptor.callbackHandler

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Deferred
    • Affects Version/s: 1.5.8
    • Fix Version/s: None
    • Component/s: Security
    • Labels:
      None

      Description

      In my client I have a Facade class that provides a simplified facade client API to my service.
      The Facade class uses a WebServiceTemplate with a XwsSecurityInterceptor to use WSS for basic authentication.
      There are multiple instances of the Facade in my client so it can talk to multiple services.
      Therefor I use scope="prototype" for the beans supporting the Facade class.

      At runtime I observe that the wrong handler is being called during authentication sequence. Upon debugging I observe that the XwsSecurityInterceptor.processor.handler is set incorrectly for the XwsSecurityInterceptor and does not match XwsSecurityInterceptor.callbackHandler. Thus authentication fails to behave correctly.

      I suspect that multiple beans (due to scope="prototype") are somehow tripping some code and mixing up or overwriting the XwsSecurityInterceptor.processor.handler or possibly XwsSecurityInterceptor.processor.

      Note the hack in bean config is because there was no way to get the callbackHandler from the XwsSecurityInterceptor in spring-ws-secuurity-1.5.8 so I set it within the constructor of Facade overwriting the handler set in bean configuration. I set the "real" handler outside bean config because I could not figure out how to use a ref to the same prototype scoped CallbackHandlerImpl bean in both the facade and the clientSecurityInterceptor (it sets two different instances otherwise).

          <bean id="jaxb2Marshaller" class="org.springframework.oxm.jaxb.Jaxb2Marshaller">
            ...
          </bean>
          
          <bean id="facade" class="org.acme.client.Facade" scope="prototype">
              <property name="webServiceTemplate"  ref="soapWebServiceTemplate"/>
          </bean>
          
          <bean id="soapWebServiceTemplate" class="org.springframework.ws.client.core.WebServiceTemplate" scope="prototype">
            <property name="marshaller" ref="jaxb2Marshaller"/>
            <property name="unmarshaller" ref="jaxb2Marshaller"/>
            <property name="interceptors" ref="clientSecurityInterceptor"/>
          </bean>
      
          <bean id="clientSecurityInterceptor" class="org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor" scope="prototype">
              <property name="secureResponse" value="false"/>
              <property name="policyConfiguration" value="classpath:clientSecurityPolicy.xml"/>
      
              <!--
              Hack: This handler instance is replaced by handler in FacadeWSImpl and exist only to satisfy assertion in 
              XwsSecurityInterceptor
              -->
              <property name="callbackHandler" ref="callbackHandler"/>
          </bean>
      
          <bean id="callbackHandler" class="org.acme.client.CallbackHandlerImpl" scope="singleton" />
      
      

        Attachments

          Activity

            People

            Assignee:
            tareq Tareq Abedrabbo
            Reporter:
            farrukh_najmi Farrukh Najmi
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: