堆栈内存溢出
  简体   繁体   English

Spring Boot / Security / Apache CXF SOAP服务访问限制

[英]Spring Boot/Security/Apache CXF SOAP service access restriction

 原文  2016-12-13 14:48:27       java/ spring/ spring-boot/ spring-security/ cxf

问题描述

I have created Apache CXF SOAP webservice in Spring Boot as per below config: 我在Spring Boot中创建了Apache CXF SOAP webservice,如下所示: 

@Bean
public ServletRegistrationBean wsDispatcherServlet() {
 return new ServletRegistrationBean(new CXFServlet(), "/service/*");
}

@Bean
public Endpoint pegaEndpoint() {
 EndpointImpl endpoint = new EndpointImpl(springBus, "/service/");
 endpoint.publish("ws");
 return endpoint;
}

Now I want to use httpBasic authentication to call a web service, but at the same time I want the WSDL to be publicly accessible. 现在我想使用httpBasic身份验证来调用Web服务,但同时我希望WSDL可以公开访问。 Is that possible to configure with Spring Security? 是否可以使用Spring Security进行配置? I have below code in Java Configuration class for security, but it doesnt really work - the basic authentication is enforced on both web service calls and wsdl accessed by http://localhost:8080/service/ws?WSDL 为了安全起见,我在Java配置类中有以下代码,但它确实不起作用 - 在http://localhost:8080/service/ws?WSDL访问的Web服务调用和wsdl上强制执行基本身份验证

Can Spring Security differentiate based on the URL param? Spring Security可以根据URL参数进行区分吗? Or can I set a WSDL location to be different that the URL used to call the web service? 或者,我可以将WSDL位置设置为与用于调用Web服务的URL不同吗? 

@Autowired
private void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
 auth.inMemoryAuthentication().withUser("user").password("password").roles("USER");
}

@Override
public void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().                                                                                  
        antMatchers("/service/**").hasRole("USER").and().httpBasic().and().
        csrf().disable();
}

@Override
public void configure(WebSecurity web) throws Exception {
    web.ignoring().antMatchers("/service/ws?wsdl");
}

2 个解决方案

解决方案1
 0  2016-12-13 15:30:31

Permit all on the wsdl should do it - 允许所有在wsdl上应该这样做 - 

        http
            .authorizeRequests()
                .antMatchers("/service/ws?wsdl").permitAll()
                .antMatchers("/service/**").hasRole("USER").and().httpBasic().and().
        csrf().disable();

解决方案2
 0  2016-12-13 16:01:06

I ended up doing below. 我最终在下面做了。 Apparently ant matchers dont recognize any URL parameters so I used regex one: 显然蚂蚁匹配器不识别任何URL参数所以我使用正则表达式: 

@Override
public void configure(WebSecurity web) throws Exception {
    web.ignoring().regexMatchers("/service/ws\\?WSDL");
}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 用于soap web服务的Spring Boot + Apache CXF - Spring boot + Apache CXF for soap web service Vaadin 与 Apache CXF SOAP 服务 - Vaadin with Apache CXF SOAP service 访问被拒绝Apache CXF SOAP - Access is denied Apache CXF SOAP 发布 Apache CXF 服务时出现异常(java 配置,无 Spring Boot) - Exception while publishing Apache CXF service (java config, no Spring Boot) Apache CXF身份验证+ Spring安全性 - Apache CXF authentication + spring security Spring Boot中的SOAP服务 - SOAP service in spring boot 使用Apache CXF的Web服务上的SOAP命名空间问题 - SOAP namespace issue on web service with Apache CXF Spring boot apache CXF 捕获soap错误并返回http错误码 - Spring boot apache CXF capture soap errors and return http error code 为什么Spring-Boot应用程序在创建CXF SOAP服务步骤时冻结? - Why does Spring-Boot application freeze on creating CXF SOAP service step? 使用Spring Boot的Apache CXF-路由问题 - Apache CXF with Spring Boot - problems with routes
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM