Spring Web Services / SWS-708

PayloadValidatingInterceptor errors not clearing SecurityContextHolder

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.0 GA
    • Fix Version/s: 1.5.10, 2.0.2
    • Component/s: Security
    • Labels:
      None

      Description

      I have the Validation Interceptor first and the SecurityInterceptor later in the sequence.

      When the response has validation errors, somehow SecurityContextHolder has the old, previously authenticated user's information.

      When there are no response validation errors, SecurityContextHolder is clean.

      I am guessing that when PayloadValidatingInterceptor has errors, that is causing the thread local not to be cleaned up?

      Once the request is complete, all thread context should be nulled out and the thread given back to the pool. It does that when there are no response validation errors but doesn't do that when there are response validation errors. I tried to debug the code all the way to MessageDispatcherServlet but didn't find any clue.

      Here is my configuration:

      <sws:interceptors>
       
       
              <bean id="wsSecurityInterceptor" class="com.mycompancy.MyXwsSecurityInterceptor">
                  
                  <property name="secureResponse" value="false"/>
                  <property name="policyConfiguration"
                            value="/WEB-INF/spring/securityPolicy.xml"/>
                  <property name="callbackHandlers">
                      <list>
                          <bean class="com.mycompancy.security.MySpringDigestPasswordValidationCallbackHandler">
                              <property name="userDetailsService" ref="securityService"/>
                              <property name="userCache" ref="userCache"/>
                          </bean>
                      </list>
                  </property>
              </bean>
       
       
              <bean class="com.mycompancy.util.MyLoggingInterceptor"/>
              <bean class="org.springframework.ws.soap.server.endpoint.interceptor.PayloadValidatingInterceptor"
                    p:validateRequest="true" p:validateResponse="true">
                  <property name="schemas">
                      <list>
                          <value>/WEB-INF/schema/customer.xsd</value>
                          <value>/WEB-INF/schema/users.xsd</value>
                          <value>/WEB-INF/schema/userDetails.xsd</value>
                      </list>
                  </property>
              </bean>
          </sws:interceptors>
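
A simplified model of the symptom reported above, as an added example that is not part of the original report and is not Spring-WS code: a pooled thread keeps its thread-local security context when cleanup sits only on the success path, and clearing it in a `finally` block closes the gap. The class, its methods and the user name `alice` are hypothetical, and the model assumes, as the reporter guesses, that the error path skips cleanup.

```java
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

// Added illustration, not Spring-WS code: every name in this class is hypothetical.
public class ThreadLocalLeakDemo {
    // Stand-in for the per-thread storage behind SecurityContextHolder.
    static final ThreadLocal<String> CONTEXT = new ThreadLocal<>();

    // Models one request: authenticate if credentials are present, then validate the response.
    // Returns the user that was already in the thread-local when the request started.
    static String handle(String user, boolean responseValid, boolean alwaysClear) {
        String seenOnEntry = CONTEXT.get();
        try {
            if (user != null) {
                CONTEXT.set(user);            // security interceptor authenticates the caller
            }
            if (!responseValid) {
                throw new IllegalStateException("response validation failed");
            }
            if (!alwaysClear) {
                CONTEXT.remove();             // cleanup reached only on the success path
            }
        } catch (IllegalStateException e) {
            // Error path: a fault goes back to the client; nothing here clears the context.
        } finally {
            if (alwaysClear) {
                CONTEXT.remove();             // cleanup runs on every path, errors included
            }
        }
        return seenOnEntry;
    }

    // Runs a failing request for "alice", then an anonymous request, on the same pooled thread.
    // Returns what the second request found in the thread-local on entry.
    static String secondRequestSees(boolean alwaysClear) throws Exception {
        ExecutorService pool = Executors.newSingleThreadExecutor();
        try {
            pool.submit(() -> handle("alice", false, alwaysClear)).get();
            return pool.submit(() -> handle(null, true, alwaysClear)).get();
        } finally {
            pool.shutdown();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("cleanup on success path only: " + secondRequestSees(false));
        System.out.println("cleanup in finally:           " + secondRequestSees(true));
    }
}
```

A regression test for this class of bug sends a request that fails response validation and then asserts that the next request served by the same worker thread starts with an empty context.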

        Activity

        Transition               Time In Source Status  Execution Times  Last Executer  Last Execution Date
        Open -> In Progress      11h 10m                1                Arjen Poutsma  10/May/11 2:54 AM
        In Progress -> Resolved  1h 3m                  1                Arjen Poutsma  10/May/11 3:57 AM
        Resolved -> Reopened     8d 3h 25m              1                Arjen Poutsma  18/May/11 7:23 AM
        Reopened -> Resolved     34s                    1                Arjen Poutsma  18/May/11 7:24 AM
        Resolved -> Closed       351d 23h 39m           1                Arjen Poutsma  04/May/12 7:03 AM

          People

          • Assignee:
            arjen.poutsma Arjen Poutsma
            Reporter:
            harshi Harshi
          • Votes:
            0
            Watchers:
            1

            Dates

            • Created:
              Updated:
              Resolved: