-
Nov 3rd, 2009, 04:57 AM
#1
Problem configuring WS-Security for my web service. Help needed.
Hi All,
I have been trying to configure username based authentication for my web service using Spring Security Manager. The problem that I am facing is that now whatever SOAP request I send(with credentials in the SOAP header), I end up getting "HTTP/1.1 401 Unauthorized". I am wondering if I am missing something in the SOAP request header?
I am using mule esb version 2.2.0 and spring version 2.2.5.
Following is my springcontext-mule.xml -
************************************************** *****************
<?xml version="1.0" encoding="UTF-8"?>
<mule xmlns="http://www.mulesource.org/schema/mule/core/2.2"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:spring="http://www.springframework.org/schema/beans"
xmlns:http="http://www.mulesource.org/schema/mule/http/2.2"
xmlns:mule-ss="http://www.mulesource.org/schema/mule/spring-security/2.2"
xmlns:ss="http://www.springframework.org/schema/security"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schem...-beans-2.5.xsd
http://www.mulesource.org/schema/mule/core/2.2 http://www.mulesource.org/schema/mule/core/2.2/mule.xsd
http://www.mulesource.org/schema/mule/http/2.2 http://www.mulesource.org/schema/mul.../mule-http.xsd
http://www.mulesource.org/schema/mul...g-security/2.2
http://www.mulesource.org/schema/mul...g-security.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<mule-ss:security-manager>
<mule-ss:delegate-security-provider name="memory-provider" delegate-ref="authenticationManager" />
</mule-ss:security-manager>
<spring:beans>
<ss:authentication-manager alias="authenticationManager" />
<ss:authentication-provider>
<ss:user-service id="userService">
<ss:user name="ross" password="ross" authorities="" />
<ss:user name="anon" password="anon" authorities="" />
</ss:user-service>
</ss:authentication-provider>
</spring:beans>
<http:connector name="HttpConnector" enableCookies="true" keepAlive="true"/>
<!--<spring:beans>
<spring:import resource="classpath*:META-INF/springcontext-*.xml" />
</spring:beans>
-->
<model name="servicesa">
<service name="ProductCatalogService">
<inbound>
<inbound-endpoint address="http://localhost:65082/servicesa/ProductCatalogService">
<mule-ss:http-security-filter realm="mule-realm"/>
</inbound-endpoint>
</inbound>
<component>
<singleton-object class="example.catalog.ProductCatalogServiceImpl"/>
<!-- <spring-object bean="productCatalogService" /> -->
</component>
</service>
</model>
</mule>
************************************************** **************
And the soap request I am sending is -
************************************************** ****************
<soapenv:Envelope xmlns:cat="http://catalog.example/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>ross</wsse:Username>
<wsse:Password Type="PasswordText">ross</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<cat:listProducts/>
</soapenv:Body>
</soapenv:Envelope>
************************************************** **************
If I remove the http-security-filter from my service inbound endpoint and send a soap request without credentials in the header, then the service works perfectly fine. I don't know what am I missing here??
Any help is much appreciated.
Thanks and Regards,
Abhijeet
Tags for this Thread
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
