Announcement Announcement Module
No announcement yet.
multiple callback handlers for XwsSecurityInterceptor? Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • multiple callback handlers for XwsSecurityInterceptor?

    I can see that the callbackHandlers can be a list for the security interceptor in spring-ws. I would expect then that they would be called in order to try to validate a user.
    When I try to include 2 however (1 for some accounts against memory, and the other to look in the database) authentication always fails.
    If I include 1 or the other and test, the accounts that they should validate work. Here is my xml:
     <bean id="wsSecurityInterceptor"
            <property name="policyConfiguration" value="classpath:securityPolicy.xml"/>
            <property name="secureResponse" value="false" />
            <property name="callbackHandlers">
                <ref bean="memoryHandler" />
                <ref bean="jdbcHandler" />
    Am I misunderstanding the use of 2 different callback handlers? Once again, going with memoryHandler works for some accounts, jdbcHandler for others, but the 2 together no accounts seem to validate.
    Thanks for any help here.

  • #2
    They are executed in order, but only to support multiple callback types in multiple handlers. So when the first handler says he can handle authentication callbacks, the next handler isn't tried.

    For the case you're giving, you could create a delegating CallbackHandler implementation, which first tries to authenticate against the memoryHandler, and after that the jdbcHandler.