Results 1 to 1 of 1

Thread: How to make web service secured

  1. Oct 12th, 2010, 07:59 PM #1
    kuntalm
    kuntalm is offline Junior Member
    Join Date
    Oct 2010
    Posts
    4

    Default How to make web service secured

    Hi All,
    I am currently struggling to make an web service "secured" using spring framework. Using JAAS I can make it "secured" but with Spring I do not know how to make it "secured" (i.e. authenticated by valid username/password ).

    Can anyone please put me into right direction?
    I followed the steps as specified in this link:
    https://jax-ws-commons.dev.java.net/spring/ - which is :

    With JAX-WS 2.0 annotation I have exposed an EJB as web service.
    The WSDL and other portable artifacts have been generated properly.

    In my applicationContext-security.xml file I have specified the required binding - like:
    ===========
    <wss:binding url="/ApiUserService/ApiUserBean">
    <wss:service>
    <ws:service bean="#ejbWebService"/>
    </wss:service>
    </wss:binding>

    <beans:bean id="ejbWebService" class="com.hp.im.server.edm.apiuser.ApiUserBean"/>
    ============

    I have defined the filter: "org.springframework.web.filter.DelegatingFilterPr oxy" in my web.xml file properly so that Spring handle all requests coming to the web application through it.

    I have implemented my AuthenticationSecurityFilter extending from org.springframework.security.web.authentication.Us ernamePasswordAuthenticationFilter and specified that filter appropriately in applicationContext-security.xml file.

    I can access the WSDL and web service but how do I make this web service "secured" so that when client will access it with username/password, spring will authenticate it using my Security filter?

    I am new in webservice area - so may be some basic steps I am missing.
    Can anyone please give me any suggestion?
    I am totally stuck on this..

    Thanks a lot in advance.

    ==============================
    I have created a basicAuthenticationFilter like shown below - but it does not look like getting invoked when a WS client tries to invoke the web service method.
    The webservice method is annotated with @RolesAllowed("MyRole") - but web service context always gets the username = ANONYMOUS
    Any idea what is happening there?



    <beans:bean id="basicAuthenticationFilter"
    class="org.springframework.security.web.authentica tion.www.BasicAuthenticationFilter">
    <beansroperty name="authenticationManager" ref="authenticationManagerAlias"/>
    <beansroperty name="authenticationEntryPoint" ref="authenticationEntryPoint"/>
    </beans:bean>
    <beans:bean id="authenticationEntryPoint"
    class="org.springframework.security.web.authentica tion.www.BasicAuthenticationEntryPoint">
    <beansroperty name="realmName" value="MyRole"/>
    </beans:bean>
    Last edited by kuntalm; Oct 13th, 2010 at 04:52 PM. Reason: Added more content
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules