Announcement Announcement Module
No announcement yet.
acegi HTTPSessionEventPublisher? Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • acegi HTTPSessionEventPublisher?

    I'm trying to use the acegi HttpSessionEventPublisher with spring-ws.
    All I do is add it to my web.xml as a filter.
    In fact in doing that, I have a local copy of the code for HttpSessionEventPublisher and I set breakpoints at the methods in it.
    When I try to test, I don't see HttpSessionEventPublisher being called at all. I don't get to my app at all either.

    The error I see on my client side is
    The request failed with HTTP status 505: HTTP Version Not Supported.
    Could it be that this method can't be used as an interceptor when working with spring-ws?

    I asked about this in the acegi threads yesterday from the acegi point of view -
    but I didn't think at the time that the event publisher was not even getting called, and now I do.

    Any advice is appreciated.

  • #2
    following up

    As a follow up here, I've tried to add this filter to web.xml for the echo webservice sample, and get a similar problem.

    I had echo running fine, all I did was add this listener to the config as follows (no other changes).
    <?xml version="1.0" encoding="ISO-8859-1"?>
    <!DOCTYPE web-app PUBLIC
        "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
       	<!--Location of the Log4J config file, for initialization and refresh checks.
       		Applied by Log4jConfigListener. -->
        <!-- Logger for web server specific messages. -->
        <!-- Loads the root application context of this web app at startup.
        	 Use WebApplicationContextUtils.getWebApplicationContext(servletContext)
        	 to access it anywhere in the web application, outside of the framework.
    	  	 The root context is the parent of all servlet-specific contexts.
    	  	 This means that its beans are automatically available in these child contexts,
    		 both for getBean(name) calls and (external) bean references. -->
        <!-- Starts the web service servlet. -->
        <!-- We map all request to the springws servlet. -->


    • #3
      By design, the Spring-WS mechanism does not use acegi's HTTP authentication mechanism, because in WS-Security all security related information is separated from the transport.

      This means that the web related part of security does not work, including the HttpSessionEventPublisher. In fact, the HttpSession is not even used to store credentials, because with WS-Security the credentials are stored in every single message.


      • #4
        thanks for the reply

        Thanks for the reply. That does make sense, and I did suspect the issue with the filter was specific to spring-ws. It isn't a matter of just not working however, it does intefer with the running of the servlet without any errors or messages indicating why. Since acegi integrates fairly well in other ways with spring-ws, it is not expected that this won't so maybe something in the documentation for spring-ws and acegi would help prevent the use of it.
        Thanks for the clarification.
        ... Rich


        • #5
          following up

          The reason I was trying to work with the HttpSessionEventPublisher was so that I could try the concurrent session handling feature of Acegi from within my spring-ws enabled app.
          Since the http model is different for spring-ws, is there any ability to apply something similar to limit the number of concurrent sessons for a principal?


          • #6
            Originally posted by farrellr View Post
            Since the http model is different for spring-ws, is there any ability to apply something similar to limit the number of concurrent sessons for a principal?
            Sounds interesting, but there are currently no plans to implement something like that. However, if you come up with a solution, I will gladly put it in the codebase.