Uploaded image for project: 'Spring Web Services'
  1. Spring Web Services
  2. SWS-708

PayloadValidatingInterceptor errors not clearing SecurityContextHolder

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.0 GA
    • Fix Version/s: 1.5.10, 2.0.2
    • Component/s: Security
    • Labels:
      None

      Description

      I have Validtion Interecptor first and SecurityInterceptor Later in the sequence.

      When response has validation errors some how SecurityConextHolder has old previous authenticated user Information.

      When there are NO response validation errors SecurityContextHolder is clean.

      I am guessing that when PayloadValidatingInterceptor has errors which is causing not to clean up thread local ?

      Once the request is complete all thread context should be nulled out and give back to pool. It does that there are no reponse validation errors but doesn't do that when there are response validation errors. I tried to debug the code , all the way to MessageDispatcherServlet but didn't find any clue.

      Here is my configuration

      <sws:interceptors>
       
       
              <bean id="wsSecurityInterceptor" class="com.mycompancy.MyXwsSecurityInterceptor">
                  
                  <property name="secureResponse" value="false"/>
                  <property name="policyConfiguration"
                            value="/WEB-INF/spring/securityPolicy.xml"/>
                  <property name="callbackHandlers">
                      <list>
                          <bean class="com.mycompancy.security.MySpringDigestPasswordValidationCallbackHandler">
                              <property name="userDetailsService" ref="securityService"/>
                              <property name="userCache" ref="userCache"/>
                          </bean>
                      </list>
                  </property>
              </bean>
       
       
              <bean class="com.mycompancy.util.MyLoggingInterceptor"/>
              <bean class="org.springframework.ws.soap.server.endpoint.interceptor.PayloadValidatingInterceptor"
                    p:validateRequest="true" p:validateResponse="true">
                  <property name="schemas">
                      <list>
                          <value>/WEB-INF/schema/customer.xsd</value>
                          <value>/WEB-INF/schema/users.xsd</value>
                          <value>/WEB-INF/schema/userDetails.xsd</value>
                      </list>
                  </property>
              </bean>
          </sws:interceptors>

        Activity

          People

          • Assignee:
            arjen.poutsma Arjen Poutsma
            Reporter:
            harshi Harshi
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: