Resolution: Won't Fix
Affects Version/s: None
Fix Version/s: None
After upgrading from spring-ws 1.5.9 to latest 2.1.4 I've noticed that org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor no longer exposes the setSecurementCallbackHandler(CallbackHandler securementCallbackHandler) method.
My project requires a custom callback in order to properly populate the WSPasswordCallback object, but this seems no longer possible with spring-ws 2.1.x as stated here:
I've analyzed the wss4j 1.6.5 source code and found something interesting in org.apache.ws.security.handler.WSHandler:
So it seems possible to specify a callbackHandler when WSHandlerConstants.PW_CALLBACK_CLASS or WSHandlerConstants.PW_CALLBACK_REF is specified (the first represents the className of the callback to instantiate, the second is the instance itself).
I choose to use the WSHandlerConstants.PW_CALLBACK_REF property, but it requires some changes in spring-ws code.
Firstly, org.springframework.ws.soap.security.wss4j.Wss4jHandler use Properties to store <String, String> pair of options for wss4j, so it's not possible to simply store a <WSHandlerConstants.PW_CALLBACK_REF, beanReference>. I've hacked a bit and created a simple workaround:
Secondly, I rewrote org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor in order to use my SecurementCallbackAwareWss4jHandler as "handler" instance and the simply re-add this setter:
With those 2 changes I'm able to reuse the "securementCallbackHandler" logic.
I hope those changes could help you