Results 1 to 2 of 2

Thread: Basic Spring Web Service Authentication with database username/password

  1. Apr 3rd, 2012, 09:44 AM #1
    gillonv
    gillonv is offline Junior Member
    Join Date
    Apr 2012
    Posts
    1

    Question Basic Spring Web Service Authentication with database username/password

    Hi,
    I am looking for a simple example of Spring Web Service that would serve the purpose of Authentication through database login.

    I have started implementing Spring Security Interceptor such as:
    Code:
    <sws:interceptors>
		<bean id="validatingInterceptor"
			class="org.springframework.ws.soap.server.endpoint.interceptor.PayloadValidatingInterceptor"
			p:schema="/WEB-INF/xsd/login.xsd" p:validateRequest="true"
			p:validateResponse="true" />
		<bean id="loggingInterceptor" class="org.springframework.ws.server.endpoint.interceptor.PayloadLoggingInterceptor" />
		<bean class="org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor">
			<property name="policyConfiguration" value="/WEB-INF/securityPolicy.xml" />
			<property name="callbackHandlers">
				<list>
					<ref bean="callbackHandler" />
				</list>
			</property>
		</bean>
	</sws:interceptors>

	<bean id="callbackHandler" class="org.springframework.ws.soap.security.xwss.callback.SpringPlainTextPasswordValidationCallbackHandler">
		<property name="authenticationManager" ref="authenticationManager" />
	</bean>
    Then I created my custom authenticationManager class that implements AuthenticationProvider where I actually want to ping the database with datasource injected with username/password retrieved from the SOAP request. I use UserCredentialsDataSourceAdapter for that.

    I have also created my securityPolicy.xml as:
    Code:
    <xwss:SecurityConfiguration xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
	<xwss:RequireTimestamp maxClockSkew="60"
		timestampFreshnessLimit="300" />
	<xwss:RequireUsernameToken
		passwordDigestRequired="false" nonceRequired="false" />

	<xwss:Timestamp />
	<xwss:UsernameToken ????????????????? How to return a generated token id here
		digestPassword="true" useNonce="true" />
</xwss:SecurityConfiguration>
    I am having hard time to get all those mappings setup. Meaning retrieving the username/password from the SOAP request and pass it to my authenticationManager.
    Finally, once the login is validated, I'd like to return a token id as part of the SOAP response.

    Thanks for the help!
    Reply With Quote Reply With Quote
  2. Jun 27th, 2012, 04:01 AM #2
    jaykhimani
    jaykhimani is offline Junior Member
    Join Date
    Jan 2011
    Posts
    3

    Default

    Can you post your authenticationManager configuration and also the Java code for it?
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules