Authenticate Web Page + WebService

Hello friends...Another time I need your help...

I did do a little web system using JSF2.0 + Hibernate + SpringSecurity3 + GlassFish3. All that is working perfectly. I can login, Spring is managing the access, all is ok.

See the applicationContext-security.xml bellow:

HTML Code:

---

<?xml version="1.0" encoding="UTF-8"?> 
<beans:beans xmlns="http://www.springframework.org/schema/security" 
  xmlns:beans="http://www.springframework.org/schema/beans" 
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
  xsi:schemaLocation="http://www.springframework.org/schema/beans 
          http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
          http://www.springframework.org/schema/security 
          http://www.springframework.org/schema/security/spring-security-3.1.xsd"> 
     
        <http auto-config='true'> 
 
            <intercept-url pattern="/admin/**" access="ROLE_ADMINISTRADOR" /> 
            <form-login login-page="/publico/login.jsf" 
                    always-use-default-target="true" 
                    default-target-url="/admin/lista_classes_por_professor.jsf" 
                    authentication-failure-url="/publico/login.jsf?login_error=1" /> 
            <logout/> 
            <remember-me /> 
    </http> 
 
    <authentication-manager> 
            <authentication-provider>
                <jdbc-user-service 
                    data-source-ref="dataSource" 
                    authorities-by-username-query="SELECT u.login, p.permissao 
                                                  FROM usuario as u, usuario_permissao as p 
                                                  where u.acesso = p.id 
                                                  AND u.login = ?" 
                    users-by-username-query="SELECT login, senha, ativo 
                                            FROM usuario 
                                            WHERE login = ?" /> 
                 
            </authentication-provider> 
    </authentication-manager> 
     
</beans:beans>

---

And bellow the applicationContext.xml:

HTML Code:

---

<?xml version="1.0" encoding="UTF-8"?> 
<beans xmlns="http://www.springframework.org/schema/beans" 
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
      xmlns:p="http://www.springframework.org/schema/p" 
      xmlns:aop="http://www.springframework.org/schema/aop" 
      xmlns:tx="http://www.springframework.org/schema/tx" 
      xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
      http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd 
      http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> 
 
    <bean id="propertyConfigurer" 
          class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer" 
          p:location="/WEB-INF/jdbc.properties" /> 
 
    <bean id="dataSource" 
          class="org.springframework.jdbc.datasource.DriverManagerDataSource" 
          p:driverClassName="${jdbc.driverClassName}" 
          p:url="${jdbc.url}" 
          p:username="${jdbc.username}" 
          p:password="${jdbc.password}" /> 
</beans>

---

All this is working as well but....

Some of this system's data must be accessed by mobile, so I started to build a Web Service in the project (I using JAX-WS). And since them my problems began...because I don't know how to login in the system by WebService and if I can't login I can't access the business layer, since I have a filter blocking all that doesn't have the ROLE_ADMIN...

I searching some solutions but I couldn't to solve this...
I must login by web page (login.jsf) that is now working as well, and I must login by a WebService too...that's not working...

Someone could help me?

I thank you in advance!

I don't know if I was clear....

What I want is a way to combine form authentication, and web service authentication in the sabe project....

Quote:

---

Originally Posted by danielhlima

Hello friends...Another time I need your help...

I did do a little web system using JSF2.0 + Hibernate + SpringSecurity3 + GlassFish3. All that is working perfectly. I can login, Spring is managing the access, all is ok.

See the applicationContext-security.xml bellow:

HTML Code:

---

<?xml version="1.0" encoding="UTF-8"?> 
<beans:beans xmlns="http://www.springframework.org/schema/security" 
  xmlns:beans="http://www.springframework.org/schema/beans" 
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
  xsi:schemaLocation="http://www.springframework.org/schema/beans 
          http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
          http://www.springframework.org/schema/security 
          http://www.springframework.org/schema/security/spring-security-3.1.xsd"> 
     
        <http auto-config='true'> 
 
            <intercept-url pattern="/admin/**" access="ROLE_ADMINISTRADOR" /> 
            <form-login login-page="/publico/login.jsf" 
                    always-use-default-target="true" 
                    default-target-url="/admin/lista_classes_por_professor.jsf" 
                    authentication-failure-url="/publico/login.jsf?login_error=1" /> 
            <logout/> 
            <remember-me /> 
    </http> 
 
    <authentication-manager> 
            <authentication-provider>
                <jdbc-user-service 
                    data-source-ref="dataSource" 
                    authorities-by-username-query="SELECT u.login, p.permissao 
                                                  FROM usuario as u, usuario_permissao as p 
                                                  where u.acesso = p.id 
                                                  AND u.login = ?" 
                    users-by-username-query="SELECT login, senha, ativo 
                                            FROM usuario 
                                            WHERE login = ?" /> 
                 
            </authentication-provider> 
    </authentication-manager> 
     
</beans:beans>

---

And bellow the applicationContext.xml:

HTML Code:

---

<?xml version="1.0" encoding="UTF-8"?> 
<beans xmlns="http://www.springframework.org/schema/beans" 
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
      xmlns:p="http://www.springframework.org/schema/p" 
      xmlns:aop="http://www.springframework.org/schema/aop" 
      xmlns:tx="http://www.springframework.org/schema/tx" 
      xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
      http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd 
      http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> 
 
    <bean id="propertyConfigurer" 
          class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer" 
          p:location="/WEB-INF/jdbc.properties" /> 
 
    <bean id="dataSource" 
          class="org.springframework.jdbc.datasource.DriverManagerDataSource" 
          p:driverClassName="${jdbc.driverClassName}" 
          p:url="${jdbc.url}" 
          p:username="${jdbc.username}" 
          p:password="${jdbc.password}" /> 
</beans>

---

All this is working as well but....

Some of this system's data must be accessed by mobile, so I started to build a Web Service in the project (I using JAX-WS). And since them my problems began...because I don't know how to login in the system by WebService and if I can't login I can't access the business layer, since I have a filter blocking all that doesn't have the ROLE_ADMIN...

I searching some solutions but I couldn't to solve this...
I must login by web page (login.jsf) that is now working as well, and I must login by a WebService too...that's not working...

Someone could help me?

I thank you in advance!

---