Simple spring security web

**neotherack** · Jul 21st, 2009, 05:31 PM

i've developed a spring web service, it works fine

now i need include HTTP Basic security inside it

I'm trying to find a working simple spring security web example, but i cant
i've modified my spring configuration, i'm sure that there is an issue at spring-ws-servlet.xml but i don't know where

this is currently my web.xml

Code:

<?xml version="1.0" encoding="UTF-8"?>

<web-app 
		xmlns="http://java.sun.com/xml/ns/j2ee" 
		xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
        version="2.4">

    <display-name>Servicio Web del Servidor ACS</display-name>
	
	<session-config>
		<session-timeout>30</session-timeout>
	</session-config>

    <servlet>
        <servlet-name>spring-ws</servlet-name>
        <servlet-class>org.springframework.ws.transport.http.MessageDispatcherServlet</servlet-class>
    </servlet>

    <servlet-mapping>
        <servlet-name>spring-ws</servlet-name>
        <url-pattern>/*</url-pattern>
    </servlet-mapping>
	
	<context-param>
		<param-name>contextConfigLocation</param-name>
		<param-value>
			/WEB-INF/applicationContext-security.xml
		</param-value>
	</context-param>
	
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
	
    <filter-mapping>
      <filter-name>springSecurityFilterChain</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>



</web-app>

this is spring-ws-servlet.xml

Code:

<?xml version="1.0" encoding="UTF-8"?>

<!-- Archivo de definicion de Beans -->
<beans xmlns="http://www.springframework.org/schema/beans" 
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:security="http://www.springframework.org/schema/security"
	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
	
	<bean id="messageFactory"
		class="org.springframework.ws.soap.axiom.AxiomSoapMessageFactory">
		<property name="payloadCaching" value="true" />
	</bean>
	
	<bean id="basicProcessingFilter" class="org.springframework.security.ui.basicauth.BasicProcessingFilter">  
		<property name="authenticationManager"><ref bean="authenticationManager"/></property>  
		<property name="authenticationEntryPoint"><ref bean="authenticationEntryPoint"/></property>  
	</bean>  
    
	<bean id="authenticationEntryPoint" class="org.springframework.security.ui.basicauth.BasicProcessingFilterEntryPoint">  
 		<property name="realmName"><value>tst</value></property>  
	</bean>  
          
	<bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">  
		<property name="providers">  
			<list>  
				<ref bean="daoAuthenticationProvider" />  
			</list>  
		</property>  
	</bean>  
          
	<bean id="daoAuthenticationProvider" class="org.springframework.security.providers.dao.DaoAuthenticationProvider">  
		<property name="userDetailsService">  
			<ref bean="userDetailsService" />  
		</property>  
	</bean>  
       
	<bean id="AutonomousTransferComplete" class="endpoints.AutonomousTransferComplete"/>
	<bean id="GetRPCMethods" class="endpoints.GetRPCMethods"/>
	<bean id="Inform" class="endpoints.Inform"/>
	<bean id="TransferComplete" class="endpoints.TransferComplete"/>
	
	<!-- Mapeo de los Endpoint -->
	<bean class="org.springframework.ws.server.endpoint.mapping.PayloadRootQNameEndpointMapping">
		<property name="mappings">
			<props> 	
				<prop key="{urn:dslforum-org:cwmp-1-1}AutonomousTransferCompleteRequest">AutonomousTransferComplete</prop>
				<prop key="{urn:dslforum-org:cwmp-1-1}InformRequest">Inform</prop>
				<prop key="{urn:dslforum-org:cwmp-1-1}GetRPCMethodsRequest">GetRPCMethods</prop>
				<prop key="{urn:dslforum-org:cwmp-1-1}TransferCompleteRequest">TransferComplete</prop>
			</props>
		</property>
		
		

 		<property name="interceptors">
			<list>
				<bean id="loggingInterceptor" class="org.springframework.ws.server.endpoint.interceptor.PayloadLoggingInterceptor"/>
				<bean id="validatingInterceptor" class="org.springframework.ws.soap.server.endpoint.interceptor.PayloadValidatingInterceptor">
					<property name="schema" value="/WEB-INF/schema.xsd"/>
					<property name="validateRequest" value="true"/>
					<property name="validateResponse" value="true"/>
				</bean> 
			</list>
		</property>  
	</bean>

	
	<!-- Definicion de WSDL-->
    <bean id="ServidorACS" class="org.springframework.ws.wsdl.wsdl11.DefaultWsdl11Definition">
        <property name="schema" ref="schema"/>
        <property name="portTypeName" value="ServidorACS"/>
        <property name="locationUri" value="http://localhost:8080/ServidorACS"/>
    </bean>

	<!-- Definicion del Esquema de datos XSD -->
    <bean id="schema" class="org.springframework.xml.xsd.SimpleXsdSchema">
        <property name="xsd" value="/WEB-INF/schema.xsd"/>
    </bean>

</beans>

finally my applicationContext-security.xml

Code:

<?xml version="1.0" encoding="UTF-8"?>
<!-->

Este codigo de ejemplo incluiria seguridad en las URL teminadas por "do" y en las otras no
<http auto-config="true">
	<intercept-url pattern="/*.do" access="ROLE_USER" />
	<intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
</http>

En el caso que yo quiero meto seguridad en todos los casos
<-->


<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
                           http://www.springframework.org/schema/security
                           http://www.springframework.org/schema/security/spring-security-2.0.xsd">

    <security:global-method-security secured-annotations="enabled" />
    
    <security:http auto-config="true">
        <security:intercept-url pattern="/**" access="ROLE_USER" />
    </security:http>
	
	<security:authentication-provider>
		<security:user-service>
			<security:user name="jimi" password="jimispassword" authorities="ROLE_USER, ROLE_ADMIN" />
			<security:user name="bob" password="bobspassword" authorities="ROLE_USER" />
			<security:user name="proyecto" password="pass4proyecto" authorities="ROLE_USER" />
		</security:user-service>
	</security:authentication-provider>

    <!-- <security:authentication-provider>
        <security:jdbc-user-service data-source-ref="dataSource" />
        
        
            david:newyork
            alex:newjersey
            tim:illinois
        
 
        <security:password-encoder hash="md5" />
        <security:user-service>
            <security:user name="david" password="369389d19e24204b4927e30dd7c39efc" authorities="ROLE_USER,ROLE_ADMIN" />
            <security:user name="alex" password="847c6f184197dc1545d9891d42814a7d" authorities="ROLE_USER" />
            <security:user name="tim" password="0513111ff330e25c631b5d3e9c0a4aae" authorities="ROLE_USER" />
        </security:user-service>
 
    </security:authentication-provider> -->
    
</beans>

i know that the "<ref bean="userDetailsService" />" generates the error i get, but i dont know how can i solve it.

Help me please!

**isterin** · Jul 22nd, 2009, 01:56 PM

First, your security file is not valid, your http section is before beans root tag? I'm not sure how this even compiles/validates.

You don't need a usersDetailsService, unless you actually implement the UserDetails interface yourself in your model. If not, then you either have to specify the SQL or make sure your relational schema has both user and authorities tables defined as in documentation.

Either way, all of this is in the docs. Let us know when you get further and if you need help figuring out something more specific.

Ilya

Thread: Simple spring security web

Thread Tools

Display

Simple spring security web

Tags for this Thread

Posting Permissions