堆栈内存溢出
  简体   繁体   English

Spring-ws和Spring安全性

[英]Spring-ws and Spring security

 原文  2013-12-02 17:43:31       spring/ web-services/ spring-security/ spring-ws

问题描述

I've an application with no spring security in it, we have a new requirement to add webservices, so we opted for spring-ws, i'm trying to add simple authentication using header values for each services request. 我有一个没有弹簧安全性的应用程序,我们有一个添加Web服务的新要求,因此我们选择了spring-ws,我试图使用每个服务请求的标头值添加简单的身份验证。 We do not want the complicated integrity test by encrypting the soap message/digest as mentioned in the spring-source . 我们不希望通过对spring-source中提到的soap消息/摘要进行加密来进行复杂的完整性测试。 All that we need is authenticate the user with uid,password and domain with the existing services to auth the user and forward the user to the requesting services if he is legit user. 我们需要做的就是使用现有服务使用uid,password和domain对用户进行身份验证,以对用户进行身份验证,如果该用户是合法用户,则将其转发到请求服务。 Is there a way to do it using spring-security? 有没有办法使用spring-security做到这一点? a little direction would help. 一个小方向会有所帮助。 Thanks. 谢谢。

2 个解决方案

解决方案1
 1  2013-12-04 09:40:08

Provided I understand you correctly, UsernamePasswordAuthenticationFilter implementation will fit your needs. 只要我理解正确,UsernamePasswordAuthenticationFilter实现将满足您的需求。 It uses HTTP POST parameters (j_username and j_password by default) to create UsernamePasswordAuthenticationToken which can be processed by appropriate AuthenticationProvider (see AbstractUserDetailsAuthenticationProvider supports method). 它使用HTTP POST参数(默认情况下为j_username和j_password)创建UsernamePasswordAuthenticationToken,可以由适当的AuthenticationProvider处理(请参见AbstractUserDetailsAuthenticationProvider支持的方法)。 You can implement own provider based on AbstractUserDetailsAuthenticationProvider as well, although you should be able to find appropriate implementation out of the box. 您也可以基于AbstractUserDetailsAuthenticationProvider实现自己的提供程序,尽管您应该可以立即找到合适的实现。

解决方案2
 0 已采纳  2013-12-05 21:41:49

I dont have to do any special setup, I can write custom filters in spring security and Custom Authproviders. 我不需要做任何特殊的设置,我可以在spring security和Custom Authproviders中编写自定义过滤器。 This seems to work great. 这看起来很棒。 I dont need Spring-ws for this process, this is used only in case of encryption of the messages. 我不需要Spring-ws进行此过程,仅在消息加密的情况下使用。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 具有安全性的Spring-ws UnsupportedCallbackException - Spring-ws with security UnsupportedCallbackException Spring-WS的JAXB标头安全性 - JAXB Header security with Spring-WS 带有Apache Camel和Spring-WS的WS-Security - WS-Security with Apache Camel and Spring-WS 了解Spring-WS - Understanding Spring-WS 如何在 spring-ws 安全性上手动设置时间戳 - How to set timestamp manually on spring-ws security Spring-WS中的自定义上下文 - Custom Context in Spring-WS 在Spring-ws中使用SoapActionEndpointMapping - Usage of SoapActionEndpointMapping in Spring-ws 具有证书的Spring-WS客户端 - Spring-WS client with certificate Spring-WS项目创建 - Spring-WS project creation 拦截器上的Spring-ws错误 - Spring-ws error on interceptor
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM