[SWS-890] Can the WSSecurityEngine used in Wss4jSecurityInterceptor be externalized to introduce custom behaviour? Created: 02/Feb/15 Updated: 09/Feb/16 Resolved: 09/Feb/16
|Project:||Spring Web Services|
|Reporter:||saiprasad krishnamurthy||Assignee:||Greg Turnquist|
|Remaining Estimate:||Not Specified|
|Time Spent:||Not Specified|
|Original Estimate:||Not Specified|
|Pull Request URL:||https://github.com/spring-projects/spring-ws/pull/58|
I'm using Wss4jSecurityInterceptor based approach.
These are what I'm after:
These are the caveats:
Here is one approach:
However, in my case, if this securityEngine was externalizable (injectable), I can provide my implementation of the engine which can then suppress the UsernameToken (password validation).
This helps me to then to get the Username and Password in my interceptor in the overridden checkResults method which can be used for LDAP Authentication. I will have the full access to the username and password here.
Here is my custom WSSecurityEngine:
Back in my SecurityInterceptor (that extends Wss4jSecurityInterceptor):
Can the WSSecurityEngine be made injectable in Wss4jSecurityInterceptor or is there any other standard way to implement what I'm after? Thanks for your time.
|Comment by Greg Turnquist [ 27/Jan/16 ]|
Evaluate if this fits the scope of Spring WS 2.3.