[SWS-648] Document Spring-WS Security exception handling Created: 01/Nov/10  Updated: 04/May/12  Resolved: 10/Nov/10

Status: Closed
Project: Spring Web Services
Component/s: Security
Affects Version/s: 1.5.7, 2.0 M3
Fix Version/s: 2.0 RC1, 1.5.10

Type: Improvement Priority: Minor
Reporter: Paul Nyheim Assignee: Arjen Poutsma
Resolution: Complete Votes: 0
Labels: None
Remaining Estimate: 0d
Time Spent: 0.15d
Original Estimate: Not Specified


 Description   

In SWS-549, the exceptionHandler property was introduced into the AbstractWSSecurityInterceptor.
This creates an inconsistency with the overall exceptionhandling architecture in Spring WS.

Instead of introducing the EndpointExceptionResolver in this Interceptor, would it not be better to just let the exception flow up to the MessageDispatcher, where the resolvers already are configured (with sensible defaults)

And as this is not documented anywhere unlike the exception resolving in the MessageDispatcher (http://static.springsource.org/spring-ws/sites/1.5/reference/html/server.html#server-endpoint-exception-resolver), it is too easy to miss out on or forget this extra configuration step.

In my opinion this could be done for both the client and endpoint handleRequest/handleResponse methods by just removing the catch clauses.
I would be happy to contribute a patch for this if needed.



 Comments   
Comment by Arjen Poutsma [ 01/Nov/10 ]

The problem here is that we'd like any security exception to result in a security-specific SOAP Fault by default. We can't do that in the default configuration of the MessageDispatcher (or exception resolvers), since the specific exceptions (WsSecurityValidationException and WsSecurityFaultException) are part of the spring-ws-security module.

So I agree that this is architecturally inconsistent, but I don't see any nice way out. Also note that we can't break backwards compatibility here.

Comment by Arjen Poutsma [ 01/Nov/10 ]

Closing as Won't Fix for now.

Comment by Paul Nyheim [ 01/Nov/10 ]

In that case, I suggest that the documentation around exception handling should be improved.

Comment by Arjen Poutsma [ 01/Nov/10 ]

Updated issue to reflect documentation is required.

Comment by Arjen Poutsma [ 01/Nov/10 ]

Agreed, I've reopened the issue (& edited it accordingly).

Comment by Arjen Poutsma [ 04/May/12 ]

Closing old issues

Generated at Wed Dec 13 05:04:52 UTC 2017 using JIRA 6.4.14#64029-sha1:ae256fe0fbb912241490ff1cecfb323ea0905ca5.