Thread: Spring WS integration with LDAP server

  1. #1
    Join Date
    Jun 2012
    Posts
    3

    Spring WS integration with LDAP server

    Hi,

    I need to expose the functionality of the project through web services. We want to use Spring Web Services for that, but my concern is how to integrate spring-ws with an LDAP server for authentication. (When a client needs to access our WS, the validity of the client is checked against an LDAP server by our web service.) I saw some security material in the Spring Web Services tutorial but nothing about LDAP server integration, and the internet is also very poor on this. Please help...

    Thanks in advance!

  2. #2
    Join Date
    Jun 2006
    Location
    The Netherlands
    Posts
    13,695

    From a high-level it doesn't matter... You should simply consider LDAP as another means to store your information so the only difference is (more or less) the fact that you don't use a database, file or whatever. I suggest taking a look at Spring Security and how to integrate that in Spring-WS.
    Marten Deinum
    Java Consultant / Pragmatist / Open Source Enthusiast / Author


    Pro Spring MVC: With Web Flow
    Conspect

    Have you read the reference guide.
    Use the [ code ] tags, young padawan

  3. #3
    Join Date
    Jun 2012
    Posts
    3

    I was thinking about how to integrate spring-ws with Spring LDAP. Maybe it is not very clear from my recent post.
    Thanks for the suggestion. Looking at what I can do with Spring Security.

  4. #4
    Join Date
    Jun 2012
    Posts
    3

    I have made some progress here. Still not working. I don't know how to catch incoming requests from the client, extract UsernameTokens from the header and compare the username and password with those from my LDAP server. I will post my securityPolicy file from my client and my WS configuration file:

    securityPolicy.xml:

    <xwss:SecurityConfiguration xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
        <xwss:RequireTimestamp maxClockSkew="60"
            timestampFreshnessLimit="300" />
        <xwss:RequireUsernameToken
            passwordDigestRequired="false" nonceRequired="false" />
        <xwss:Timestamp />
        <xwss:UsernameToken name="simpleUser" password="pass"
            digestPassword="false" useNonce="false" />
    </xwss:SecurityConfiguration>


    Every request from my client will contain a UsernameToken in the header.



    spring-ws-servlet.xml:

    <sws:interceptors>
        <bean
            class="org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor">
            <property name="policyConfiguration" value="/WEB-INF/securityPolicy.xml" />
            <property name="callbackHandlers">
                <list>
                    <ref bean="springSecurityHandler" />
                </list>
            </property>
        </bean>

    </sws:interceptors>

    <bean id="springSecurityHandler"
        class="org.springframework.ws.soap.security.xwss.callback.SpringPlainTextPasswordValidationCallbackHandler">
        <property name="authenticationManager" ref="authManager" />
    </bean>

    <s:authentication-manager alias="authManager">
        <s:ldap-authentication-provider
            user-search-filter="(uid={0})" user-search-base="ou=users"
            group-search-filter="(uniqueMember={0})" group-search-base="ou=groups"
            group-role-attribute="cn" role-prefix="ROLE_">
        </s:ldap-authentication-provider>
    </s:authentication-manager>

    <s:ldap-server ldif="/WEB-INF/users.ldif" root="o=users" />


    As you can see, I tried a spring-security, spring-ws integration here.

    I'm using an embedded LDAP server. The output message is :

    SOAP Fault Code {http://schemas.xmlsoap.org/soap/envelope/}Client
    SOAP Fault String: com.sun.xml.wss.impl.WssSoapFaultException: Authentication of Username Password Token Failed; nested exception is com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.impl.WssSoapFaultException: Authentication of Username Password Token Failed
    Jun 5, 2012 4:33:44 PM org.springframework.context.support.AbstractApplicationContext doClose



    My user from the policy file is in the LDAP server. Sincerely, I don't know if this is the right way to do it. It's the first time I have worked with spring-ws and LDAP servers.
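
What the server side has to do with each request described in post #4, sketched in Python as an added example (not code from the thread, and not how XWSS is implemented): pull the UsernameToken and Timestamp out of the WS-Security header and apply the posted policy values before the credentials go to the LDAP authenticator. The envelope is constructed sample data, the function names are hypothetical, and the freshness window is a simplified reading of maxClockSkew and timestampFreshnessLimit.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
from xml.sax.saxutils import escape

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
}
PASSWORD_TEXT = ("http://docs.oasis-open.org/wss/2004/01/"
                 "oasis-200401-wss-username-token-profile-1.0#PasswordText")
MAX_CLOCK_SKEW = timedelta(seconds=60)     # maxClockSkew in the posted policy
FRESHNESS_LIMIT = timedelta(seconds=300)   # timestampFreshnessLimit in the posted policy

def build_envelope(user, password, created):
    """Constructed sample request (not captured traffic), plain-text password."""
    return f"""<soap:Envelope xmlns:soap="{NS['soap']}" xmlns:wsse="{NS['wsse']}" xmlns:wsu="{NS['wsu']}">
  <soap:Header><wsse:Security>
    <wsu:Timestamp><wsu:Created>{created}</wsu:Created></wsu:Timestamp>
    <wsse:UsernameToken><wsse:Username>{escape(user)}</wsse:Username>
      <wsse:Password Type="{PASSWORD_TEXT}">{escape(password)}</wsse:Password>
    </wsse:UsernameToken>
  </wsse:Security></soap:Header><soap:Body/></soap:Envelope>"""

def extract_credentials(envelope, now):
    """Return (username, password); raise ValueError when the policy is not met."""
    if "<!DOCTYPE" in envelope:
        raise ValueError("DTDs are not allowed in SOAP messages")
    sec = ET.fromstring(envelope).find("soap:Header/wsse:Security", NS)
    if sec is None:
        raise ValueError("no wsse:Security header")
    created = sec.findtext("wsu:Timestamp/wsu:Created", namespaces=NS)
    if created is None:
        raise ValueError("RequireTimestamp: no wsu:Timestamp")
    # Assumption: whole-second UTC timestamps; other formats are rejected by strptime.
    ts = datetime.strptime(created, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    if ts > now + MAX_CLOCK_SKEW or now - ts > FRESHNESS_LIMIT + MAX_CLOCK_SKEW:
        raise ValueError("timestamp outside freshness window")
    user = sec.findtext("wsse:UsernameToken/wsse:Username", namespaces=NS)
    pw = sec.find("wsse:UsernameToken/wsse:Password", NS)
    if not user or pw is None or not pw.text:
        raise ValueError("RequireUsernameToken: token missing or incomplete")
    if pw.get("Type", PASSWORD_TEXT) != PASSWORD_TEXT:
        raise ValueError("only PasswordText can be checked by an LDAP bind")
    return user, pw.text
```

Because the policy sets digestPassword="false", the password is readable in the SOAP header, so this exchange should only run over TLS. An LDAP bind needs the plain-text password, which is why a digest token is refused here.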
