Spring Web Services
  1. Spring Web Services
  2. SWS-805

SpringPlainTextPasswordValidationCallbackHandler

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Invalid
    • Affects Version/s: 2.1.1
    • Fix Version/s: None
    • Component/s: Security
    • Labels:
      None
    • Environment:
      N/A

      Description

      The wss4j plain text password validation callback handler (org.springframework.ws.soap.security.wss4j.callback.SpringPlainTextPasswordValidationCallbackHandler) has been removed from the latest production version - 2.1.1

      It appears to have been deleted in the unreleased tag 2.0.6 but is still referenced in the reference documentation. This class is also missing from trunk in svn.

      Has this functionality been replaced and the documentation requires updating or is this an oversight?

      I discovered this when upgrading to the latest version of spring ws.

      For reference here are the urls:

      2.0.5 svn - https://src.springframework.org/svn/spring-ws/tags/spring-ws-2.0.5.RELEASE/security/src/main/java/org/springframework/ws/soap/security/wss4j/callback/SpringPlainTextPasswordValidationCallbackHandler.java

      Reference documentation - http://static.springsource.org/spring-ws/site/reference/html/security.html#security-wss4j-security-interceptor

        Activity

        Hide
        Arjen Poutsma added a comment -

        As stated in the release notes, the SpringDigestPasswordValidationCallbackHandler and SpringPlainTestPasswordValidationCallbackHandler have been merged into SpringSecurityPasswordValidationCallbackHandler, which works the same way as the SpringDigestPasswordValidationCallbackHandler (i.e. supply it with a UserDetailsService).

        Show
        Arjen Poutsma added a comment - As stated in the release notes , the SpringDigestPasswordValidationCallbackHandler and SpringPlainTestPasswordValidationCallbackHandler have been merged into SpringSecurityPasswordValidationCallbackHandler, which works the same way as the SpringDigestPasswordValidationCallbackHandler (i.e. supply it with a UserDetailsService).
        Hide
        Benjamin Morgan added a comment -

        Thanks Arjen,

        The documentation still seems to be out of date:

        http://static.springsource.org/spring-ws/site/reference/html/security.html#security-wss4j-security-interceptor

        It now has the right class in the sample configuration but the sample configuration still shows an AuthenticationManager. The SpringPlainTextPasswordValidationCallbackHandler only has a user details service not AuthenticationManager.

        <beans>
        <bean id="springSecurityHandler"
        class="org.springframework.ws.soap.security.wss4j.callback.SpringPlainTextPasswordValidationCallbackHandler">
        <property name="authenticationManager" ref="authenticationManager"/>
        </bean>

        <bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
        <property name="providers">
        <bean class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
        <property name="userDetailsService" ref="userDetailsService"/>
        </bean>
        </property>
        </bean>

        <bean id="userDetailsService" class="com.mycompany.app.dao.UserDetailService" />
        ...
        </beans>

        Show
        Benjamin Morgan added a comment - Thanks Arjen, The documentation still seems to be out of date: http://static.springsource.org/spring-ws/site/reference/html/security.html#security-wss4j-security-interceptor It now has the right class in the sample configuration but the sample configuration still shows an AuthenticationManager. The SpringPlainTextPasswordValidationCallbackHandler only has a user details service not AuthenticationManager. <beans> <bean id="springSecurityHandler" class="org.springframework.ws.soap.security.wss4j.callback.SpringPlainTextPasswordValidationCallbackHandler"> <property name="authenticationManager" ref="authenticationManager"/> </bean> <bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager"> <property name="providers"> <bean class="org.springframework.security.providers.dao.DaoAuthenticationProvider"> <property name="userDetailsService" ref="userDetailsService"/> </bean> </property> </bean> <bean id="userDetailsService" class="com.mycompany.app.dao.UserDetailService" /> ... </beans>
        Hide
        Arjen Poutsma added a comment -

        You're right, I'll correct the documentation right now.

        Show
        Arjen Poutsma added a comment - You're right, I'll correct the documentation right now.
        Hide
        Arjen Poutsma added a comment -

        Fixed!

        Show
        Arjen Poutsma added a comment - Fixed!

          People

          • Assignee:
            Arjen Poutsma
            Reporter:
            Benjamin Morgan
          • Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: