I am currently struggling to make an web service "secured" using spring framework. Using JAAS I can make it "secured" but with Spring I do not know how to make it "secured" (i.e. authenticated by valid username/password ).
Can anyone please put me into right direction?
I followed the steps as specified in this link:
https://jax-ws-commons.dev.java.net/spring/ - which is :
With JAX-WS 2.0 annotation I have exposed an EJB as web service.
The WSDL and other portable artifacts have been generated properly.
In my applicationContext-security.xml file I have specified the required binding - like:
<beans:bean id="ejbWebService" class="com.hp.im.server.edm.apiuser.ApiUserBean"/>
I have defined the filter: "org.springframework.web.filter.DelegatingFilterPr oxy" in my web.xml file properly so that Spring handle all requests coming to the web application through it.
I have implemented my AuthenticationSecurityFilter extending from org.springframework.security.web.authentication.Us ernamePasswordAuthenticationFilter and specified that filter appropriately in applicationContext-security.xml file.
I can access the WSDL and web service but how do I make this web service "secured" so that when client will access it with username/password, spring will authenticate it using my Security filter?
I am new in webservice area - so may be some basic steps I am missing.
Can anyone please give me any suggestion?
I am totally stuck on this..
Thanks a lot in advance.
I have created a basicAuthenticationFilter like shown below - but it does not look like getting invoked when a WS client tries to invoke the web service method.
The webservice method is annotated with @RolesAllowed("MyRole") - but web service context always gets the username = ANONYMOUS
Any idea what is happening there?
<beansroperty name="authenticationManager" ref="authenticationManagerAlias"/>
<beansroperty name="authenticationEntryPoint" ref="authenticationEntryPoint"/>
<beansroperty name="realmName" value="MyRole"/>