From do-not-reply at jboss.org Wed Feb 15 16:18:42 2012
Content-Type: multipart/mixed; boundary="===============3459880202127501810=="
MIME-Version: 1.0
From: do-not-reply at jboss.org
To: gatein-commits at lists.jboss.org
Subject: [gatein-commits] gatein SVN: r8428 - in portal/trunk:
component/web/security/src/main/java/org/exoplatform/web/security and 2 other
directories.
Date: Wed, 15 Feb 2012 16:18:42 -0500
Message-ID: <201202152118.q1FLIgvP006384@svn01.web.mwc.hst.phx2.redhat.com>
--===============3459880202127501810==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Author: mposolda
Date: 2012-02-15 16:18:41 -0500 (Wed, 15 Feb 2012)
New Revision: 8428
Added:
portal/trunk/component/web/security/src/main/java/org/exoplatform/web/se=
curity/AuthenticationRegistry.java
portal/trunk/component/web/security/src/main/java/org/exoplatform/web/se=
curity/AuthenticationRegistryImpl.java
Modified:
portal/trunk/component/web/security/src/main/java/org/exoplatform/web/lo=
gin/DoLoginServlet.java
portal/trunk/component/web/security/src/main/java/org/exoplatform/web/lo=
gin/GateinWCIController.java
portal/trunk/component/web/security/src/main/java/org/exoplatform/web/lo=
gin/RememberMeFilter.java
portal/trunk/component/web/security/src/main/java/org/exoplatform/web/se=
curity/PortalLoginController.java
portal/trunk/component/web/security/src/main/java/org/exoplatform/web/se=
curity/PortalLoginModule.java
portal/trunk/web/portal/src/main/webapp/WEB-INF/conf/common/common-confi=
guration.xml
portal/trunk/wsrp-integration/extension-ear-as5/src/main/application/lib=
/jboss5integration.jar/conf/configuration.xml
Log:
GTNPORTAL-2275 Get rid of credentials in HTTP session.
Modified: portal/trunk/component/web/security/src/main/java/org/exoplatform=
/web/login/DoLoginServlet.java
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- portal/trunk/component/web/security/src/main/java/org/exoplatform/web/l=
ogin/DoLoginServlet.java 2012-02-15 15:57:07 UTC (rev 8427)
+++ portal/trunk/component/web/security/src/main/java/org/exoplatform/web/l=
ogin/DoLoginServlet.java 2012-02-15 21:18:41 UTC (rev 8428)
@@ -19,11 +19,14 @@
=
package org.exoplatform.web.login;
=
+import org.exoplatform.container.web.AbstractHttpServlet;
+import org.exoplatform.services.security.ConversationState;
+import org.exoplatform.web.security.AuthenticationRegistry;
import org.gatein.common.logging.Logger;
import org.gatein.common.logging.LoggerFactory;
+import org.gatein.wci.security.Credentials;
=
import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@@ -33,7 +36,7 @@
/**
* @author Julien Viet
*/
-public class DoLoginServlet extends HttpServlet
+public class DoLoginServlet extends AbstractHttpServlet
{
=
/** . */
@@ -65,7 +68,39 @@
initialURI =3D req.getContextPath();
}
=
+ // Now user is successfuly authenticated, so that we can remove cred=
entials from temporary AuthenticationRegistry
+ // and add them to ConversationState
+ Credentials credentials =3D removeCredentialsFromRegistry(req);
+ setCredentialsToConversationState(credentials);
+
//
resp.sendRedirect(resp.encodeRedirectURL(initialURI));
}
+
+ /**
+ * Remove credentials from temporary AuthenticationRegistry because aut=
hentication of user is now finished.
+ *
+ * @param req
+ * @return credentials,which were removed from AuthenticationRegistry
+ */
+ protected Credentials removeCredentialsFromRegistry(HttpServletRequest =
req)
+ {
+ AuthenticationRegistry authenticationRegistry =3D (AuthenticationReg=
istry)getContainer().getComponentInstanceOfType(AuthenticationRegistry.clas=
s);
+ return authenticationRegistry.removeCredentials(req);
+ }
+ =
+ /**
+ * Add credentials to {@link ConversationState}.
+ *
+ * @param credentials
+ */
+ protected void setCredentialsToConversationState(Credentials credential=
s)
+ {
+ ConversationState currentConversationState =3D ConversationState.get=
Current();
+ if (currentConversationState !=3D null && credentials !=3D null)
+ {
+ log.debug("Adding credentials to conversationState for user " + c=
redentials.getUsername());
+ currentConversationState.setAttribute(Credentials.CREDENTIALS, cr=
edentials);
+ }
+ }
}
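Review bot: removeCredentialsFromRegistry casts and dereferences the result of getComponentInstanceOfType without a null check, so a container whose configuration lacks the AuthenticationRegistry component (this revision registers it only in common-configuration.xml) fails with a NullPointerException after the user has already authenticated; the same unchecked lookup appears in GateinWCIController.getCredentials, RememberMeFilter, PortalLoginController.getAuthenticationRegistry and PortalLoginModule.handleCredentialsRemoving. I would fail with an explicit message instead, e.g. `if (authenticationRegistry == null) { throw new IllegalStateException("AuthenticationRegistry component is not registered in the container"); }`. setCredentialsToConversationState keeps the Credentials object in ConversationState for the rest of the conversation; if that object carries the password as well as the username (the WSRP accessor swap in this revision suggests it does), the javadoc should state where and when it is cleared, and the empty `@param` tags should get a description such as `@param req the request that completed the login`. The method the hunk opens in (the `initialURI` redirect) starts outside the hunk.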
Modified: portal/trunk/component/web/security/src/main/java/org/exoplatform=
/web/login/GateinWCIController.java
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- portal/trunk/component/web/security/src/main/java/org/exoplatform/web/l=
ogin/GateinWCIController.java 2012-02-15 15:57:07 UTC (rev 8427)
+++ portal/trunk/component/web/security/src/main/java/org/exoplatform/web/l=
ogin/GateinWCIController.java 2012-02-15 21:18:41 UTC (rev 8428)
@@ -19,6 +19,9 @@
=
package org.exoplatform.web.login;
=
+import org.exoplatform.container.PortalContainer;
+import org.exoplatform.web.security.AuthenticationRegistry;
+import org.exoplatform.web.security.PortalLoginModule;
import org.gatein.wci.security.Credentials;
import org.gatein.wci.security.WCIController;
=
@@ -94,7 +97,17 @@
@Override
public Credentials getCredentials(final HttpServletRequest req, final H=
ttpServletResponse resp)
{
- return (Credentials)req.getSession().getAttribute(Credentials.CREDEN=
TIALS);
+ AuthenticationRegistry credRegistry =3D (AuthenticationRegistry)Port=
alContainer.getCurrentInstance(servletContext).
+ getComponentInstanceOfType(AuthenticationRegistry.class);
+ Credentials credentials =3D credRegistry.getCredentials(req);
+ =
+ // Try to find AuthenticatedCredentials in HTTP session
+ if (credentials =3D=3D null)
+ {
+ credentials =3D (Credentials)req.getSession().getAttribute(Portal=
LoginModule.AUTHENTICATED_CREDENTIALS);
+ }
+
+ return credentials;
}
=
@Override
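Review bot: The fallback `credentials = (Credentials)req.getSession().getAttribute(PortalLoginModule.AUTHENTICATED_CREDENTIALS)` still returns a Credentials object read from the HTTP session, so the session keeps holding whatever that object contains; if it includes the password, the commit's stated goal of removing credentials from the session is only partly met, and a comment above the `if` should say why the fallback is still required and what AUTHENTICATED_CREDENTIALS holds. That fallback also calls `req.getSession()`, which creates a session for requests that have none; `HttpSession session = req.getSession(false); if (session != null) { ... }` avoids minting sessions for a lookup. The `// Try to find AuthenticatedCredentials in HTTP session` comment could name the attribute it reads, since the class it refers to is not visible here.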
Modified: portal/trunk/component/web/security/src/main/java/org/exoplatform=
/web/login/RememberMeFilter.java
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- portal/trunk/component/web/security/src/main/java/org/exoplatform/web/l=
ogin/RememberMeFilter.java 2012-02-15 15:57:07 UTC (rev 8427)
+++ portal/trunk/component/web/security/src/main/java/org/exoplatform/web/l=
ogin/RememberMeFilter.java 2012-02-15 21:18:41 UTC (rev 8428)
@@ -21,6 +21,7 @@
=
import org.exoplatform.container.ExoContainer;
import org.exoplatform.container.web.AbstractFilter;
+import org.exoplatform.web.security.AuthenticationRegistry;
import org.exoplatform.web.security.security.CookieTokenService;
import org.exoplatform.web.controller.router.PercentEncoding;
import org.gatein.common.logging.Logger;
@@ -68,7 +69,9 @@
token, false);
if (o instanceof Credentials)
{
- req.getSession().setAttribute(Credentials.CREDENTIALS, o);
+ AuthenticationRegistry authenticationRegistry =3D (Authenti=
cationRegistry)getContainer().getComponentInstanceOfType(AuthenticationRegi=
stry.class);
+ authenticationRegistry.setCredentials(req, (Credentials)o);
+
resp.sendRedirect(resp.encodeRedirectURL(
loginUrl(
req.getContextPath(),
Added: portal/trunk/component/web/security/src/main/java/org/exoplatform/we=
b/security/AuthenticationRegistry.java
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- portal/trunk/component/web/security/src/main/java/org/exoplatform/web/s=
ecurity/AuthenticationRegistry.java (rev 0)
+++ portal/trunk/component/web/security/src/main/java/org/exoplatform/web/s=
ecurity/AuthenticationRegistry.java 2012-02-15 21:18:41 UTC (rev 8428)
@@ -0,0 +1,50 @@
+/*
+ * JBoss, a division of Red Hat
+ * Copyright 2012, Red Hat Middleware, LLC, and individual
+ * contributors as indicated by the @authors tag. See the
+ * copyright.txt in the distribution for a full listing of
+ * individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+
+package org.exoplatform.web.security;
+
+import org.gatein.wci.security.Credentials;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.ConcurrentMap;
+
+/**
+ * Temporary registry for hold credentials (and potentially other attribut=
es) during login process.
+ *
+ *
+ * @author Marek Posolda
+ */
+public interface AuthenticationRegistry
+{
+
+ public Credentials getCredentials(HttpServletRequest request);
+
+
+ public void setCredentials(HttpServletRequest request, Credentials cred=
entials);
+
+
+ public Credentials removeCredentials(HttpServletRequest request);
+
+}
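Review bot: None of the three interface methods carries javadoc, and the null contract matters for callers because every caller in this revision dereferences or re-stores the result. From the implementation I would document them as `/** Returns the credentials registered for this request's client, or null if none. */`, `/** Registers credentials for this request's client for the duration of the login. */` and `/** Removes and returns the registered credentials, or null if none were registered. */`. The imports `java.util.Map`, `java.util.concurrent.ConcurrentHashMap` and `java.util.concurrent.ConcurrentMap` are unused in the interface and the `public` modifier on interface methods is redundant; dropping both tightens the file. The class comment "for hold credentials" reads better as "for holding credentials".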
Added: portal/trunk/component/web/security/src/main/java/org/exoplatform/we=
b/security/AuthenticationRegistryImpl.java
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- portal/trunk/component/web/security/src/main/java/org/exoplatform/web/s=
ecurity/AuthenticationRegistryImpl.java (rev 0)
+++ portal/trunk/component/web/security/src/main/java/org/exoplatform/web/s=
ecurity/AuthenticationRegistryImpl.java 2012-02-15 21:18:41 UTC (rev 8428)
@@ -0,0 +1,107 @@
+/*
+ *
+ * JBoss, a division of Red Hat
+ * Copyright 2012, Red Hat Middleware, LLC, and individual contributors a=
s indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ *
+ */
+
+package org.exoplatform.web.security;
+
+import org.gatein.wci.security.Credentials;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.ConcurrentMap;
+
+/**
+ * Temporary registry for hold credentials (and potentially other attribut=
es) during login process to avoid store them in session.
+ * Registry is used only during authentication process and attributes of t=
arget client are cleared after successful authentication,
+ * =
+ * @author Marek Posolda
+ */
+public class AuthenticationRegistryImpl implements AuthenticationRegistry
+{
+
+ // Key is ID of HTTP Session. Value is map with various attributes of s=
ingle client (session),
+ // which will be used during authentication process.
+ private final ConcurrentMap> registry =3D n=
ew ConcurrentHashMap>();
+
+
+ public Credentials getCredentials(HttpServletRequest request)
+ {
+ String sessionId =3D getSessionId(request);
+ Map attributesOfClient =3D registry.get(sessionId);
+
+ if (attributesOfClient =3D=3D null)
+ {
+ return null;
+ }
+
+ return (Credentials)attributesOfClient.get(Credentials.CREDENTIALS);
+ }
+
+
+ public void setCredentials(HttpServletRequest request, Credentials cred=
entials)
+ {
+ String sessionId =3D getSessionId(request);
+
+ Map attributesOfClient =3D getAttributesOfClient(ses=
sionId);
+ attributesOfClient.put(Credentials.CREDENTIALS, credentials);
+ }
+
+
+ public Credentials removeCredentials(HttpServletRequest request)
+ {
+ String sessionId =3D getSessionId(request);
+
+ Map attributesOfClient =3D getAttributesOfClient(ses=
sionId);
+
+ Credentials credentials =3D (Credentials)attributesOfClient.remove(C=
redentials.CREDENTIALS);
+
+ // Clear map if no more attributes are here.
+ if (attributesOfClient.size() =3D=3D 0)
+ {
+ registry.remove(sessionId);
+ }
+
+ return credentials;
+ }
+
+
+ private Map getAttributesOfClient(String sessionId)
+ {
+ Map attributes =3D registry.get(sessionId);
+
+ if (attributes =3D=3D null)
+ {
+ attributes =3D new ConcurrentHashMap();
+ registry.putIfAbsent(sessionId, attributes);
+ }
+
+ return registry.get(sessionId);
+ }
+
+
+ private String getSessionId(HttpServletRequest req)
+ {
+ return req.getSession().getId(); =
+ }
+}
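Review bot: Entries in `registry` are keyed by the HTTP session id and are removed only through removeCredentials, which DoLoginServlet and PortalLoginModule.abort() call; there is no hook for session expiry or invalidation, so a client whose credentials were registered (via PortalLoginController.setCredentials or RememberMeFilter) and who never completes or aborts the JAAS login leaves its Credentials object in this server-wide map indefinitely. An HttpSessionListener that calls `registry.remove(event.getSession().getId())` on sessionDestroyed, or a bounded entry lifetime, would close that gap, and the removal of handleCredentialsRemoving from PortalLoginModule's success path in this revision widens it because cleanup now depends on /dologin running afterwards. removeCredentials also goes through getAttributesOfClient, which creates an empty map for an unknown session only to delete it a few lines later; a plain `registry.get` avoids that, as in the fence below. getSessionId calls `req.getSession()` (on a line that also carries trailing whitespace), which creates a session on every lookup; `req.getSession(false)` with a null return for getCredentials and removeCredentials would avoid that. Generic type arguments are stripped in this rendering, so the fence assumes `Map<String, Object>`.
```java
public Credentials removeCredentials(HttpServletRequest request)
{
   String sessionId = getSessionId(request);

   // Look up without creating: a missing entry means there is nothing to remove.
   Map<String, Object> attributesOfClient = registry.get(sessionId);
   if (attributesOfClient == null)
   {
      return null;
   }

   Credentials credentials = (Credentials)attributesOfClient.remove(Credentials.CREDENTIALS);

   // Clear map if no more attributes are here.
   if (attributesOfClient.isEmpty())
   {
      registry.remove(sessionId);
   }

   return credentials;
}
// … unchanged: getCredentials, setCredentials, getAttributesOfClient, getSessionId …
```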
Modified: portal/trunk/component/web/security/src/main/java/org/exoplatform=
/web/security/PortalLoginController.java
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- portal/trunk/component/web/security/src/main/java/org/exoplatform/web/s=
ecurity/PortalLoginController.java 2012-02-15 15:57:07 UTC (rev 8427)
+++ portal/trunk/component/web/security/src/main/java/org/exoplatform/web/s=
ecurity/PortalLoginController.java 2012-02-15 21:18:41 UTC (rev 8428)
@@ -19,6 +19,7 @@
=
package org.exoplatform.web.security;
=
+import org.exoplatform.container.ExoContainerContext;
import org.exoplatform.web.login.InitiateLoginServlet;
import org.exoplatform.web.security.security.AbstractTokenService;
import org.exoplatform.web.security.security.CookieTokenService;
@@ -64,7 +65,7 @@
{
//Create token
AbstractTokenService tokenService =3D AbstractTokenService.=
getInstance(CookieTokenService.class);
- Credentials credentials =3D (Credentials)req.getSession().g=
etAttribute(Credentials.CREDENTIALS);
+ Credentials credentials =3D getCredentials(req);
String cookieToken =3D tokenService.createToken(credentials=
);
=
log.debug("Found a remember me request parameter, created a=
persistent token " + cookieToken + " for it and set it up " +
@@ -95,4 +96,34 @@
String redirectURI =3D req.getContextPath() + "/dologin?initialURI=
=3D" + URLEncoder.encode(uri, "UTF-8");
resp.sendRedirect(resp.encodeRedirectURL(redirectURI));
}
+
+ /**
+ * Read credentials from ConversationState instead of HTTP session.
+ *
+ * @param req
+ * @return credentials
+ */
+ @Override
+ protected Credentials getCredentials(HttpServletRequest req)
+ {
+ return getAuthenticationRegistry(req).getCredentials(req);
+ }
+
+ /**
+ * Set credentials to ConversationState instead of HTTP session
+ *
+ * @param req
+ * @param credentials
+ */
+ @Override
+ protected void setCredentials(HttpServletRequest req, Credentials crede=
ntials)
+ {
+ getAuthenticationRegistry(req).setCredentials(req, credentials);
+ }
+
+ private AuthenticationRegistry getAuthenticationRegistry(HttpServletReq=
uest req)
+ {
+ return (AuthenticationRegistry) ExoContainerContext.getCurrentContai=
ner().
+ getComponentInstanceOfType(AuthenticationRegistry.class);
+ }
}
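Review bot: The javadoc on both overrides says credentials are read from and written to ConversationState, but the bodies following each `@Override` go through AuthenticationRegistry; ConversationState is populated later by DoLoginServlet, so the comments point a maintainer at the wrong store. I would change them to `* Read credentials from the temporary {@link AuthenticationRegistry} instead of the HTTP session.` and `* Store credentials in the temporary {@link AuthenticationRegistry} instead of the HTTP session.`, and give the `@param` tags a description. getAuthenticationRegistry accepts `req` but never uses it, resolving the container from ExoContainerContext.getCurrentContainer() instead; either drop the parameter or resolve the container from the request as GateinWCIController does with `PortalContainer.getCurrentInstance(servletContext)`, so the two call sites behave the same way.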
Modified: portal/trunk/component/web/security/src/main/java/org/exoplatform=
/web/security/PortalLoginModule.java
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- portal/trunk/component/web/security/src/main/java/org/exoplatform/web/s=
ecurity/PortalLoginModule.java 2012-02-15 15:57:07 UTC (rev 8427)
+++ portal/trunk/component/web/security/src/main/java/org/exoplatform/web/s=
ecurity/PortalLoginModule.java 2012-02-15 21:18:41 UTC (rev 8428)
@@ -169,7 +169,6 @@
else
{
request.getSession().setAttribute(AUTHENTICATED_CREDENTIALS=
, wc);
- handleCredentialsRemoving(request);
}
}
catch(Exception e)
@@ -187,6 +186,13 @@
*/
public boolean abort() throws LoginException
{
+ HttpServletRequest request =3D getCurrentHttpServletRequest();
+
+ if (request !=3D null)
+ {
+ handleCredentialsRemoving(request);
+ }
+
return true;
}
=
@@ -210,14 +216,24 @@
}
=
/**
- * Remove credentials of authenticated user from HTTP session.
+ * Remove credentials of authenticated user from AuthenticationRegistry.
*
* @param request httpRequest
*/
protected void handleCredentialsRemoving(HttpServletRequest request)
{
- // TODO: We can't remove credentials from HTTP session right now bec=
ause WSRP-Security relies on it. See method WSSecurityCredentialHelper.hand=
leRequest
- // request.getSession().removeAttribute(Credentials.CREDENTIALS);
+ try
+ {
+ AuthenticationRegistry authenticationRegistry =3D (Authentication=
Registry)getContainer().getComponentInstanceOfType(AuthenticationRegistry.c=
lass);
+ if (request !=3D null)
+ {
+ authenticationRegistry.removeCredentials(request);
+ }
+ }
+ catch (Exception e)
+ {
+ log.debug("Unable to remove credentials from credentialsRegistry.=
", e);
+ }
}
=
private HttpServletRequest getCurrentHttpServletRequest()
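Review bot: handleCredentialsRemoving catches Exception and reports a failure to remove credentials only at debug level (`log.debug("Unable to remove credentials from credentialsRegistry.", e)`), so credentials left behind in the server-wide registry would go unnoticed in a production log; `log.warn("Unable to remove credentials from credentialsRegistry.", e);` matches the severity. The component lookup runs before the `request != null` check, so a missing component surfaces as a NullPointerException that this catch then swallows; moving the lookup inside the `if` and checking the registry for null before calling removeCredentials keeps a configuration error visible. Catching the narrower type the registry can actually throw would be preferable to `Exception`, but the interface declares none, so that depends on what the container lookup may throw.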
Modified: portal/trunk/web/portal/src/main/webapp/WEB-INF/conf/common/commo=
n-configuration.xml
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- portal/trunk/web/portal/src/main/webapp/WEB-INF/conf/common/common-conf=
iguration.xml 2012-02-15 15:57:07 UTC (rev 8427)
+++ portal/trunk/web/portal/src/main/webapp/WEB-INF/conf/common/common-conf=
iguration.xml 2012-02-15 21:18:41 UTC (rev 8428)
@@ -185,6 +185,11 @@
=
+
+ org.exoplatform.web.security.AuthenticationRegistry
+ org.exoplatform.web.security.AuthenticationRegistryImpl
+
+
org.exoplatform.services.cache.ExoCacheFactory
Modified: portal/trunk/wsrp-integration/extension-ear-as5/src/main/applicat=
ion/lib/jboss5integration.jar/conf/configuration.xml
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- portal/trunk/wsrp-integration/extension-ear-as5/src/main/application/li=
b/jboss5integration.jar/conf/configuration.xml 2012-02-15 15:57:07 UTC (rev=
8427)
+++ portal/trunk/wsrp-integration/extension-ear-as5/src/main/application/li=
b/jboss5integration.jar/conf/configuration.xml 2012-02-15 21:18:41 UTC (rev=
8428)
@@ -31,10 +31,10 @@
org.gatein.wsrp.wss.credentials.CredentialsAccessor
=
- org.gatein.wsrp.wss.credentials.HTTPSessionCredentialsAccessor=
+
=
-
+ org.gatein.integration.wsrp.wss.ConversationStateCredentialsAc=
cessor
=
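Review bot: The accessor now configured, `org.gatein.integration.wsrp.wss.ConversationStateCredentialsAccessor`, is not among this revision's added files, so it must already exist in the wsrp-integration module or arrive in a separate commit; if neither holds, the WSRP WS-Security component fails to instantiate at container start. Worth confirming and stating in the log message which revision provides it. The element names are stripped in this rendering, so the surrounding component definition cannot be checked here.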
--===============3459880202127501810==--