Results 1 to 4 of 4

Thread: Spring WebServices with Spring Security

Hybrid View

  1. Jun 29th, 2010, 12:54 AM #1
    gillu4u
    gillu4u is offline Junior Member
    Join Date
    Jun 2010
    Posts
    5

    Default Spring WebServices with Spring Security

    I have a requirement of Exposing Spring beans to multiple users. They are local users and public users (public users access via Web service)
    I have roles defined for each users, as the spring beans method access should be a role based access.

    To achieve above
    1. will Spring security & Spring web services are the better approach? and if yes,
    2. how can I integrate spring security with Spring web services (so that method should be accessed based on role)?
    3. How do I maintain user sessions while accessing the methods (for local users as well as web services client)?
    4. Do we need to pass user id and passowrd for every method call (for web services)?
    Reply With Quote Reply With Quote
  2. Jul 1st, 2010, 02:36 AM #2
    gillu4u
    gillu4u is offline Junior Member
    Join Date
    Jun 2010
    Posts
    5

    Default

    I am new to Spring as well as Spring Community.
    I really appreciate if some one can help me in this regard.
    Reply With Quote Reply With Quote
  3. Jul 1st, 2010, 05:08 AM #3
    evandongen
    evandongen is offline Junior Member
    Join Date
    Mar 2010
    Location
    Rotterdam
    Posts
    21

    Default

    I don't know the answers to all of your questions. However, I've implemented a webservice with the spring-ws/spring-security combination. There are some evolving standards to maintain state for a (soap) webservice (for instance: WS-SecureConversation).

    Those aren't supported (yet?) by spring-ws, so you'll have to pass username and password with each request. You can easily do so with a SecurityInterceptor at the client side:
    Code:
    <bean id="securityInterceptor" class="org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor">
    <property name="policyConfiguration" value="classpath:xwss-config.xml"/>
    <property name="callbackHandler" ref="springSecurityHandler"/>
</bean>
<bean id="springSecurityHandler" class="org.springframework.ws.soap.security.xwss.callback.SpringUsernamePasswordCallbackHandler"/>
    On the server side you'll have to have an interceptor in your endpointmapping which'll try to authenticate against the defined authentication bean.
    Last edited by evandongen; Jul 1st, 2010 at 05:09 AM. Reason: forgot the springSecurityHandler definition
    Reply With Quote Reply With Quote
  4. Jul 26th, 2010, 04:43 PM #4
    aragonknight
    aragonknight is offline Junior Member
    Join Date
    Feb 2009
    Posts
    28

    Default

    Could you please elobarate on how do i specify the username and password from the soap message. should the authentication details be from the header or within the body. and do i have to pass j_username and j_password?

    please clarify.

    Thank you in advance for your help and time.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules