Spring-ws and Spring security
Question
I've an application with no spring security in it, we have a new requirement to add webservices, so we opted for spring-ws, i'm trying to add simple authentication using header values for each services request. We do not want the complicated integrity test by encrypting the soap message/digest as mentioned in the spring-source . All that we need is authenticate the user with uid,password and domain with the existing services to auth the user and forward the user to the requesting services if he is legit user. Is there a way to do it using spring-security? a little direction would help. Thanks.
2 answers
solution1
1 2013-12-04 09:40:08
Provided I understand you correctly, UsernamePasswordAuthenticationFilter implementation will fit your needs. It uses HTTP POST parameters (j_username and j_password by default) to create UsernamePasswordAuthenticationToken which can be processed by appropriate AuthenticationProvider (see AbstractUserDetailsAuthenticationProvider supports method). You can implement own provider based on AbstractUserDetailsAuthenticationProvider as well, although you should be able to find appropriate implementation out of the box.
solution2
0 ACCPTED 2013-12-05 21:41:49
I dont have to do any special setup, I can write custom filters in spring security and Custom Authproviders. This seems to work great. I dont need Spring-ws for this process, this is used only in case of encryption of the messages.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.