Sep 24th, 2012, 05:54 AM
Spring WS 2.1.1 still breaks old functionaity ?!
Since Release 2.1.0, Spring WS no longer contains the class SpringPlainTextPasswordValidationCallbackHandler (although it is still documented in the online API docs !)
The release notes for 2.1.0 state that the new class SpringSecurityPasswordValidationCallbackHandler should be used as a replacement, but SpringSecurityPasswordValidationCallbackHandler does not provide the possibility to plug-in an AuthenticationManager. So there is currently no way to authenticate against a hashed password. See also this post for details: http://forum.springsource.org/showth...716#post418716
There is still no solution in 2.1.1. Any suggestions? Am I missing something? Thanks in advance!
Nov 6th, 2012, 05:18 PM
I ran into this issue as well, I ended up logging a bug for it - https://jira.springsource.org/browse/SWS-805
It looks like the only issue was that the documentation was out of date (it has now been updated).
I'm also looking to understand the rationale behind this as using an Authentication Manager was useful.
In my case our passwords are sent in plain text (https, internal network) but we store our user passwords as a hash so using the Authentication Manager implementation worked well because it was responsible for dealing with the hashing etc. In the new implementation we would need to change our client's code to hash the password first before we could use the new version.
I'm still looking for a way around this, currently i'm considering either re-implementing the old SpringPlainTextPasswordValidationCallbackHandler in our code or completly changing our authentication code to have a plaintext password available rather than a hash (lots of work!).
I'm reluctant to change the clients as it would be breaking backwards compatibility.
How did you end up getting around this?