Announcement Announcement Module
Collapse
No announcement yet.
Spring-ws and ACEGI vs deleted\locked users Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring-ws and ACEGI vs deleted\locked users

    H,
    How to configure WS security\ACEGI in spring webservices to check for
    deleted\locked users and send error message like user has been deleted\locked.

    This is my current configuration ,AcegiDigestPasswordValidationCallbackHandler doesn't check for deleted \locked users??

    Regards
    Harshi


    <!-- ===================== WS-SECURITY ============================== -->

    <bean id="wsSecurityInterceptor" class="org.springframework.ws.soap.security.xwss.X wsSecurityInterceptor">
    <description>
    This interceptor validates incoming messages according to the policy defined in 'securityPolicy.xml'.
    The policy defines that all incoming requests must have a UsernameToken with a password digest in it.
    The actual authentication is performed by the Acegi callback handler.
    </description>
    <property name="secureResponse" value="false"/>
    <property name="policyConfiguration"
    value="/WEB-INF/securityPolicy.xml"/>
    <property name="callbackHandler">
    <bean class="org.springframework.ws.soap.security.xwss.c allback.acegi.AcegiDigestPasswordValidationCallbac kHandler">
    <property name="userDetailsService" ref="securityService"/>
    <property name="userCache" ref="userCache"/>
    </bean>
    </property>
    </bean>

  • #2
    Any one has this problem for checking expired\deleted users?

    Regards
    Harshi

    Comment


    • #3
      Have exactly the same requirement as you, but the SpringPlainTextPasswordValidationCallbackHandler filters the LockedException.

      Have you found a solution?

      Comment

      Working...
      X