Back Forum Reply New
amy

1#
Print
tT
Post at 2011-4-15 14:50 | This Author's Posts Only

How to make web service secured

web, spring, framework, currently, direction
Hi All,
I am currently struggling to make an web service quot;securedquot; using spring framework. Using JAAS I can make it quot;securedquot; but with Spring I do not know how to make it quot;securedquot; (i.e. authenticated by valid username/password ).

Can anyone please put me into right direction?
I followed the steps as specified in this link:
spring/       - which is :

With JAX-WS 2.0 annotation I have exposed an EJB as web service.
The WSDL and other portable artifacts have been generated properly.

In my applicationContext-security.xml file I have specified the required binding - like:
===========
lt;wss:binding ucl=quot;/ApiUserService/ApiUserBeanquot;gt;lt;wss:servicegt;    lt;ws:service bean=quot;#ejbWebServicequot;/gt;lt;/wss:servicegt;   lt;/wss:bindinggt;
   lt;beans:bean id=quot;ejbWebServicequot; class=quot;com.hp.im.server.edm.apiuser.ApiUserBeanquot;/gt;
============

I have defined the filter: quot;org..web.filter.DelegatingFilterPr  oxyquot; in my web.xml file properly so that Spring handle all requests coming to the web application through it.

I have implemented my AuthenticationSecurityFilter extending from org..security.web.authentication.Us  ernamePasswordAuthenticationFilter and specified that filter appropriately in  applicationContext-security.xml  file.

I can access the WSDL and web service but how do I make this web service quot;securedquot; so that when client will access it with username/password, spring will authenticate it using my Security filter?

I am new in webservice area - so may be some basic steps I am missing.
Can anyone please give me any suggestion?
I am totally stuck on this..

Thanks a lot in advance.

==============================
I have created a basicAuthenticationFilter like shown below - but it does not look like getting invoked when a WS client tries to invoke the web service method.
The webservice method is annotated with @RolesAllowed(quot;MyRolequot;) - but web service context always gets the username = ANONYMOUS
Any idea what is happening there?
lt;beans:bean id=quot;basicAuthenticationFilterquot;class=quot;org..security.web.authentica  tion.      lt;beansroperty name=quot;authenticationManagerquot; ref=quot;authenticationManagerAliasquot;/gt;       lt;beansroperty name=quot;authenticationEntryPointquot; ref=quot;authenticationEntryPointquot;/gt;   lt;/beans:beangt;   lt;beans:bean id=quot;authenticationEntryPointquot;class=quot;org..security.web.authentica  tion.      lt;beansroperty name=quot;realmNamequot; value=quot;MyRolequot;/gt;   lt;/beans:beangt;
Favor Share Rate
Reply Quote

Subscribe TOP

¥
Back Forum Reply New