stackoom
  简体   繁体   中英

Spring Boot/Security/Apache CXF SOAP service access restriction

 原文  2016-12-13 14:48:27       java/ spring/ spring-boot/ spring-security/ cxf

Question

I have created Apache CXF SOAP webservice in Spring Boot as per below config: 

@Bean
public ServletRegistrationBean wsDispatcherServlet() {
 return new ServletRegistrationBean(new CXFServlet(), "/service/*");
}

@Bean
public Endpoint pegaEndpoint() {
 EndpointImpl endpoint = new EndpointImpl(springBus, "/service/");
 endpoint.publish("ws");
 return endpoint;
}

Now I want to use httpBasic authentication to call a web service, but at the same time I want the WSDL to be publicly accessible. Is that possible to configure with Spring Security? I have below code in Java Configuration class for security, but it doesnt really work - the basic authentication is enforced on both web service calls and wsdl accessed by http://localhost:8080/service/ws?WSDL

Can Spring Security differentiate based on the URL param? Or can I set a WSDL location to be different that the URL used to call the web service? 

@Autowired
private void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
 auth.inMemoryAuthentication().withUser("user").password("password").roles("USER");
}

@Override
public void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().                                                                                  
        antMatchers("/service/**").hasRole("USER").and().httpBasic().and().
        csrf().disable();
}

@Override
public void configure(WebSecurity web) throws Exception {
    web.ignoring().antMatchers("/service/ws?wsdl");
}

2 answers

solution1
 0  2016-12-13 15:30:31

Permit all on the wsdl should do it - 

        http
            .authorizeRequests()
                .antMatchers("/service/ws?wsdl").permitAll()
                .antMatchers("/service/**").hasRole("USER").and().httpBasic().and().
        csrf().disable();

solution2
 0  2016-12-13 16:01:06

I ended up doing below. Apparently ant matchers dont recognize any URL parameters so I used regex one: 

@Override
public void configure(WebSecurity web) throws Exception {
    web.ignoring().regexMatchers("/service/ws\\?WSDL");
}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Spring boot + Apache CXF for soap web service Vaadin with Apache CXF SOAP service Access is denied Apache CXF SOAP Exception while publishing Apache CXF service (java config, no Spring Boot) Apache CXF authentication + spring security SOAP service in spring boot SOAP namespace issue on web service with Apache CXF Spring boot apache CXF capture soap errors and return http error code Why does Spring-Boot application freeze on creating CXF SOAP service step? Apache CXF with Spring Boot - problems with routes
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM