ConcurrentSessionController For SpringPlainTextPasswordValidationCallbackHandler

[fox241]

How can I use the SpringPlainTextPasswordValidationCallbackHandler with a authenticationManager that references a ConcurrentSessionControllerImpl?

I looked at the code for the SpringPlainTextPasswordValidationCallbackHandler and it never calls authResult.setDetails(), so when the ConcurrentSessionControllerImpl calls SessionRegistryUtils.obtainSessionIdFromAuthentica tion an exception is thrown.

my configs:

Code:

	<bean id="concurrentSessionController"		class="org.springframework.security.concurrent.ConcurrentSessionControllerImpl">
		<property name="maximumSessions" value="5" />
		<property name="sessionRegistry" ref="sessionRegistry"/>
	</bean>
	
	<bean id="sessionRegistry" class="org.springframework.security.concurrent.SessionRegistryImpl"/>
	
	<bean id="customizedConcurrentSessionFilter" class="org.springframework.security.concurrent.ConcurrentSessionFilter">
	    <property name="sessionRegistry" ref="sessionRegistry" />
	</bean>

	<security:authentication-manager alias="manager" session-controller-ref="concurrentSessionController"/>


	<bean id="wsSecurityInterceptor"
		class="org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor">
		<property name="policyConfiguration" value="/WEB-INF/serverSecurityPolicy.xml" />
		<property name="callbackHandlers">
			<list>
				<ref bean="authenticationHandler" />
			</list>
		</property>
	</bean>

	<bean id="authenticationHandler" class="org.springframework.ws.soap.security.xwss.callback.SpringPlainTextPasswordValidationCallbackHandler">
	 	  <property name="authenticationManager" ref="manager" />
	</bean>

[fox241]

I have ended up just using BasicAuth for my webservices.

However, if anyone has any rad suggestions on how to populate the AbstractAuthenticationToken details, I'd be up to hear them?

thanks!