Implementing WS Security selectively on @Endpoint

Printable View

Feb 26th, 2008, 12:51 PM
Rahul Mishra

Implementing WS Security selectively on @Endpoint

Hi,

I was playing around with Spring WS and i came across a problem..

I have two methods defined in my @Endpoint. My intent is to apply WS security on one and not on the other.Can this be done?

Reason tells me it can't because i defined the following for spring to detect all @Endpoints..

HTML Code:

<bean class="org.springframework.ws.server.endpoint.mapping.PayloadRootAnnotationMethodEndpointMapping"> <property name="interceptors"> <list> <ref bean="wsSecurityInterceptor"/> </list> </property> </bean>

So, it would apply the security intereceptor on all the methods.Am i missing something here?

If it can't be done what are the options ?

Any pointers will be very helpful...
Feb 27th, 2008, 04:57 AM
Paul Nyheim

What we have done is to define two MessageDispatcherServlets in our web.xml,

Code:

<servlet> <servlet-name>unsecure-ws</servlet-name> <servlet-class>org.springframework.ws.transport.http.MessageDispatcherServlet</servlet-class> </servlet> <servlet> <servlet-name>ws</servlet-name> <servlet-class>org.springframework.ws.transport.http.MessageDispatcherServlet</servlet-class> </servlet>

Then you can use different interceptors for your endpoints. The two contexts, ws-servlet.xml and unsecure-ws-servlet.xml will be loaded as child contexts to the root WebApplicationContext loaded by ContextLoaderListener, and willl suffer no bean namespace collisions.

We have also extracted some common configuration to be loaded by ContextLoaderListener, e.g. the endpoint exception resolvers

Regards,
Paul
Feb 27th, 2008, 05:28 AM
Rick Evans

Hi Paul

WARNING: this is totally untried :)

You could _possibly_ create a custom @Endpoint annotation (@SecureEndpoint?), and have another PayloadRootAnnotationMethodEndpointMapping (PRAMM) definition that consumes/looks-for this custom annotation as opposed to just the @Endpoint annotation. That way you can still have a single MDS, and you can specify the interceptors at the PRAMM level. The downside is that there is no setter on PRAMM to set the looked-for annotation, so you'll need to subclass it.

'Abstract base for EndpointMapping implementations that map classes tagged with an annotation. By default the annotation is @Endpoint, but this can be overriden in subclasses.'

Arjen will be able to confirm this for sure :)

Cheers
Rick