Announcement Announcement Module
No announcement yet.
Security issue Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Security issue

    I am currently in the process of developing a web service (public facing) using spring LDAP and XFire that needs to include some basic security. I have been reading through the documentation but I am finding it a little confusing. I want the web service user to enter a username and password to be able to use the service. The service will authenticate the credentials entered by checking them in LDAP. If they match then the user will be passed back a token that will allow them to make further requests while the token is active.
    I understand that if I pass the username and password to the service then it should be encrypted, what is the recommended way to do this? Should I be using SSL? Are there any recommendations regarding tokens? Is there any example code?

  • #2
    You probably don't want to implement this kind of stuff from scratch - have a look at Acegi Security for Spring instead. That will help you with authentication, security tokens and that kind of stuff. It's well documented and there's also a separate forum for it here at Spring Framework Support Forums.


    • #3
      Thanks for your reply, I'll take a look at acegi.