Announcement Announcement Module
Collapse
No announcement yet.
exception thrown by Wss4jSecurityInterceptor not handled by exceptionResolver? Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • exception thrown by Wss4jSecurityInterceptor not handled by exceptionResolver?

    I have a working web services endpoint using Spring 2.5.6, spring-ws 1.5.5, and spring-security 2.0.4.

    We're requiring WS-Security on all methods, so we have a Wss4jSecurityInterceptor bean in our applicationContext. That bean references a SpringPlainTextPasswordValidationCallbackHandler instance, which in turn is linked to a DaoAuthenticationProvider containing our UserDetailsService implementation.

    The UserDetailsService implementation is backed by a database. I'd like to handle the situation where the database is down for maintenance by mapping Spring's CannotGetJdbcConnectionException to a "SERVER" SOAP fault. I assumed that I just had to add the line to the exceptionMappings property of my SoapFaultMappingExceptionResolver; however it appears that isn't the case.

    Even with the right line in my exceptionMappings property, my soap client gets a SOAP fault, but the message is not my own:
    The security token could not be authenticated or authorized; nested exception is org.apache.ws.security.WSSecurityException: The security token could not be authenticated or authorized

    The type of that fault is also a CLIENT fault (I want it to be SERVER - it's not an authentication failure, the database just isn't available).

    here is the relevant section of the logs from the endpoint:
    Code:
    2008-11-20 13:36:28,055 DEBUG org.springframework.ws.soap.security.wss4j.callback.SpringPlainTextPasswordValidationCallbackHandler - Authentication request for user 'fake' failed: org.springframework.security.AuthenticationServiceException: Could not get JDBC Connection; nested exception is org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (ORA-01017: invalid username/password; logon denied
    ); nested exception is org.springframework.jdbc.CannotGetJdbcConnectionException: Could not get JDBC Connection; nested exception is org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (ORA-01017: invalid username/password; logon denied
    )
    2008-11-20 13:36:28,062 WARN org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor - Could not validate request: The security token could not be authenticated or authorized; nested exception is org.apache.ws.security.WSSecurityException: The security token could not be authenticated or authorized
    It seems as if exceptions thrown by the Wss4jSecurityInterceptor aren't resolved by the exceptionResolver (setting a breakpoint within the resolver shows it never gets called) - is this expected behavior?

  • #2
    Here's relevant sections of my configuration:
    Code:
    <bean id="securityInterceptor"
    		class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">
    		<property name="validationActions" value="UsernameToken" />
    		<property name="validationCallbackHandler" ref="springSecurityHandler" />
    		<property name="secureResponse" value="false" />
    		<property name="validateRequest" value="true" />
    	</bean>
    	<bean id="springSecurityHandler"
    		class="org.springframework.ws.soap.security.wss4j.callback.SpringPlainTextPasswordValidationCallbackHandler">
    		<property name="authenticationManager" ref="authenticationManager" />
    	</bean>
    	<bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
    		<property name="providers">
    			<bean
    				class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
    				<property name="userDetailsService" ref="userDetailsService" />
                            </bean>
    		</property>
    	</bean>
    
    ...
    
    <bean id="annotationMapping"
    		class="org.springframework.ws.server.endpoint.mapping.PayloadRootAnnotationMethodEndpointMapping">
    		<property name="defaultEndpoint" ref="courseRosterEndpoint" />
    		<property name="interceptors">
    			<list>
    				<ref bean="securityInterceptor" />
    			</list>
    		</property>
    	</bean>
    <bean id="exceptionResolver"
    		class="org.springframework.ws.soap.server.endpoint.SoapFaultMappingExceptionResolver">
    		<property name="defaultFault" value="SERVER" />
    		<property name="exceptionMappings">
    			<value>
    			org.springframework.oxm.ValidationFailureException=CLIENT,Invalid request
    			org.springframework.security.AuthenticationServiceException=SERVER,Service temporarily unavailable
    			org.springframework.security.BadCredentialsException=CLIENT,Authentication failed
    			org.springframework.dao.DataAccessException=SERVER,Service temporarily unavailable
    			org.springframework.jdbc.CannotGetJdbcConnectionException=SERVER,Service temporarily unavailable
    			java.lang.IllegalArgumentException=CLIENT,One or more of your arguments is invalid
    			service.PersonNotFoundException=CLIENT,Person not found
    			service.CourseSectionNotFoundException=CLIENT,Course Section either doesn't exist or is not within account scope
    			security.AuthorizationFailureException=CLIENT,Your account is not authorized to request this method
    			java.lang.Exception=SERVER,A server error occurred
    			</value>
    		</property>
    	</bean>

    Comment


    • #3
      Hi nblair,

      Were u able to specify ur own message in this scenario? if yes then can you please share your findings/solution to solve this issue, as i also want to do similar kind of thing.

      Thanks,
      Muein

      Comment

      Working...
      X