I have created Apache CXF SOAP webservice in Spring Boot as per below config:
@Bean
public ServletRegistrationBean wsDispatcherServlet() {
return new ServletRegistrationBean(new CXFServlet(), "/service/*");
}
@Bean
public Endpoint pegaEndpoint() {
EndpointImpl endpoint = new EndpointImpl(springBus, "/service/");
endpoint.publish("ws");
return endpoint;
}
Now I want to use httpBasic authentication to call a web service, but at the same time I want the WSDL to be publicly accessible. Is that possible to configure with Spring Security? I have below code in Java Configuration class for security, but it doesnt really work - the basic authentication is enforced on both web service calls and wsdl accessed by http://localhost:8080/service/ws?WSDL
Can Spring Security differentiate based on the URL param? Or can I set a WSDL location to be different that the URL used to call the web service?
@Autowired
private void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("user").password("password").roles("USER");
}
@Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().
antMatchers("/service/**").hasRole("USER").and().httpBasic().and().
csrf().disable();
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/service/ws?wsdl");
}
Permit all on the wsdl should do it -
http
.authorizeRequests()
.antMatchers("/service/ws?wsdl").permitAll()
.antMatchers("/service/**").hasRole("USER").and().httpBasic().and().
csrf().disable();
I ended up doing below. Apparently ant matchers dont recognize any URL parameters so I used regex one:
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().regexMatchers("/service/ws\\?WSDL");
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.