Announcement Announcement Module
No announcement yet.
Securing a remote service Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Securing a remote service

    Hi everyone,

    On the application I'm working on I have a couple of remote services exposed with HTTP invoker. On the server side I protect the remote service URI using Spring Security intercept-url feature in the application context file. On the client side I set the property httpInvokerRequestExecutor of the remote service to an instance of AuthenticationSimpleHttpInvokerRequestExecutor.

    But now I find myself stuck because I do not know how to set some credentials on the client webapp to access the secured remote services. Those services are sometimes called during scheduled tasks so I can't use the current user's credentials to access the remote services.

    Does someone have an idea about that?

    Thanks in advance.

  • #2
    I suggest the Spring Security Reference Guide, the section covering RunAs might be useful (although a little sparse).

    If you use scheduled tasks to call services (i.e. spring security without a web logging) add an Interceptor which populates the current context with a default user. Which basically simulates the login process from the web.