exceptionspring-securityspring-wswss4j

Spring Web Services and Spring Security Exception handling


I am trying to think of an solution to cascade exceptions from Spring security as soap faults in Spring Web services.

We use Spring web services and perform authentication using SimplePlainTextPasswordValidationCallbackHandler. However all customized exceptions from within spring security get output as a "Invalid Soap Header" in the soap response. This is believe is the default behavior.

Any way we could perhaps override this behavior to cascade our customized exception to Spring WS?

Thanks.


Solution

  • For this you need to implement an EndpointExceptionResolver as the handleValidationException method of the XwsSecurityInterceptor delegates the exception to this resolver as mentioned here and also here . Or you can simply add SoapFaultMappingExceptionResolver to your applicationContext.xml like this:

    <beans>
    <bean id="exceptionResolver" class="org.springframework.ws.soap.server.endpoint.SoapFaultMappingExceptionResolver">
        <property name="defaultFault" value="SERVER"/>
        <property name="exceptionMappings">
            <value>
                org.springframework.oxm.ValidationFailureException=CLIENT,Oops!Something went wrong
            </value>
        </property>
    </bean>
    </beans>
    

    More Info on this here