
  • Simple spring security web

    I've developed a Spring web service and it works fine.
    Now I need to add HTTP Basic security to it.

    I'm trying to find a simple, working Spring Security web example, but I can't.
    I've modified my Spring configuration; I'm sure there is an issue in spring-ws-servlet.xml, but I don't know where.

    this is currently my web.xml
    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    
    <!-- Servlet 2.4 deployment descriptor: maps the Spring-WS MessageDispatcherServlet and the
         Spring Security filter chain onto every URL of this web application. -->
    <web-app 
    		xmlns="http://java.sun.com/xml/ns/j2ee" 
    		xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
            xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
            version="2.4">
    
        <display-name>Servicio Web del Servidor ACS</display-name>
    	
    	<session-config>
    		<session-timeout>30</session-timeout>
    	</session-config>
    
        <!-- SOAP dispatcher. By Spring convention a servlet named "spring-ws" reads its own bean
             definitions from /WEB-INF/spring-ws-servlet.xml (a child context of the root context). -->
        <servlet>
            <servlet-name>spring-ws</servlet-name>
            <servlet-class>org.springframework.ws.transport.http.MessageDispatcherServlet</servlet-class>
        </servlet>
    
        <servlet-mapping>
            <servlet-name>spring-ws</servlet-name>
            <url-pattern>/*</url-pattern>
        </servlet-mapping>
    	
    	<!-- Location of the root-context bean file that holds the security configuration.
    	     NOTE(review): contextConfigLocation is read by Spring's ContextLoaderListener, and no
    	     listener element is declared in this descriptor. Without one the root context is never
    	     created and the security beans are never loaded; confirm against the full file. -->
    	<context-param>
    		<param-name>contextConfigLocation</param-name>
    		<param-value>
    			/WEB-INF/applicationContext-security.xml
    		</param-value>
    	</context-param>
    	
        <!-- DelegatingFilterProxy hands each request to the Spring bean whose name equals the
             filter-name (springSecurityFilterChain); it looks that bean up in the root context,
             not in the servlet's context. -->
        <filter>
            <filter-name>springSecurityFilterChain</filter-name>
            <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        </filter>
    	
        <!-- The filter uses the same /* pattern as the servlet, so every request passes through
             the security chain before it can reach an endpoint.
             NOTE(review): HTTP Basic credentials are only base64-encoded and are sent on every
             request; nothing in this descriptor requires HTTPS. Confirm that TLS is enforced by
             the container or a front-end proxy. -->
        <filter-mapping>
          <filter-name>springSecurityFilterChain</filter-name>
          <url-pattern>/*</url-pattern>
        </filter-mapping>
    
    
    
    </web-app>
    this is spring-ws-servlet.xml

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    
    <!-- Bean definition file for the spring-ws servlet context: SOAP message factory,
         hand-wired HTTP Basic beans, endpoints, endpoint mapping, interceptors and WSDL. -->
    <beans xmlns="http://www.springframework.org/schema/beans" 
    	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    	xmlns:security="http://www.springframework.org/schema/security"
    	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
    	
    	<bean id="messageFactory"
    		class="org.springframework.ws.soap.axiom.AxiomSoapMessageFactory">
    		<property name="payloadCaching" value="true" />
    	</bean>
    	
    	<!-- Hand-wired HTTP Basic beans (Spring Security 2.x class names).
    	     NOTE(review): this file is the servlet's own context, while the
    	     springSecurityFilterChain filter in web.xml resolves its bean from the root context.
    	     Nothing visible here places basicProcessingFilter in a filter chain, and the namespace
    	     configuration with auto-config="true" in applicationContext-security.xml already
    	     provides HTTP Basic, so these four beans look redundant; confirm before keeping them. -->
    	<bean id="basicProcessingFilter" class="org.springframework.security.ui.basicauth.BasicProcessingFilter">  
    		<property name="authenticationManager"><ref bean="authenticationManager"/></property>  
    		<property name="authenticationEntryPoint"><ref bean="authenticationEntryPoint"/></property>  
    	</bean>  
        
    	<!-- Entry point that issues the Basic challenge; realmName is the realm string sent to
    	     the client in that challenge. -->
    	<bean id="authenticationEntryPoint" class="org.springframework.security.ui.basicauth.BasicProcessingFilterEntryPoint">  
     		<property name="realmName"><value>tst</value></property>  
    	</bean>  
              
    	<bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">  
    		<property name="providers">  
    			<list>  
    				<ref bean="daoAuthenticationProvider" />  
    			</list>  
    		</property>  
    	</bean>  
              
    	<!-- NOTE(review): no bean with id "userDetailsService" is defined in this file, so this
    	     reference cannot be resolved here (the poster reports this as the source of the error).
    	     No password encoder is set on the provider either, so stored passwords would be
    	     compared as given; confirm whether hashed storage is intended. -->
    	<bean id="daoAuthenticationProvider" class="org.springframework.security.providers.dao.DaoAuthenticationProvider">  
    		<property name="userDetailsService">  
    			<ref bean="userDetailsService" />  
    		</property>  
    	</bean>  
           
    	<!-- Endpoint beans; the mapping below routes requests to them by bean id. -->
    	<bean id="AutonomousTransferComplete" class="endpoints.AutonomousTransferComplete"/>
    	<bean id="GetRPCMethods" class="endpoints.GetRPCMethods"/>
    	<bean id="Inform" class="endpoints.Inform"/>
    	<bean id="TransferComplete" class="endpoints.TransferComplete"/>
    	
    	<!-- Endpoint mapping: payload root element (cwmp-1-1 namespace) to endpoint bean id -->
    	<bean class="org.springframework.ws.server.endpoint.mapping.PayloadRootQNameEndpointMapping">
    		<property name="mappings">
    			<props> 	
    				<prop key="{urn:dslforum-org:cwmp-1-1}AutonomousTransferCompleteRequest">AutonomousTransferComplete</prop>
    				<prop key="{urn:dslforum-org:cwmp-1-1}InformRequest">Inform</prop>
    				<prop key="{urn:dslforum-org:cwmp-1-1}GetRPCMethodsRequest">GetRPCMethods</prop>
    				<prop key="{urn:dslforum-org:cwmp-1-1}TransferCompleteRequest">TransferComplete</prop>
    			</props>
    		</property>
    		
    		
    
    		<!-- Interceptors applied to every mapped endpoint.
    		     PayloadValidatingInterceptor checks both requests and responses against
    		     /WEB-INF/schema.xsd, so payloads that do not match the schema are refused.
    		     NOTE(review): PayloadLoggingInterceptor writes message payloads to the log; check
    		     what these requests carry and who can read the logs before using it in production. -->
     		<property name="interceptors">
    			<list>
    				<bean id="loggingInterceptor" class="org.springframework.ws.server.endpoint.interceptor.PayloadLoggingInterceptor"/>
    				<bean id="validatingInterceptor" class="org.springframework.ws.soap.server.endpoint.interceptor.PayloadValidatingInterceptor">
    					<property name="schema" value="/WEB-INF/schema.xsd"/>
    					<property name="validateRequest" value="true"/>
    					<property name="validateResponse" value="true"/>
    				</bean> 
    			</list>
    		</property>  
    	</bean>
    
    	
    	<!-- WSDL definition.
    	     NOTE(review): the advertised locationUri is plain http on localhost. Clients that
    	     follow the WSDL address would send Basic credentials unencrypted; confirm that the
    	     deployed address is https. -->
        <bean id="ServidorACS" class="org.springframework.ws.wsdl.wsdl11.DefaultWsdl11Definition">
            <property name="schema" ref="schema"/>
            <property name="portTypeName" value="ServidorACS"/>
            <property name="locationUri" value="http://localhost:8080/ServidorACS"/>
        </bean>
    
    	<!-- XSD data schema definition (same file the validating interceptor uses) -->
        <bean id="schema" class="org.springframework.xml.xsd.SimpleXsdSchema">
            <property name="xsd" value="/WEB-INF/schema.xsd"/>
        </bean>
    
    </beans>
    finally my applicationContext-security.xml

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <!--
    
    This sample code would apply security to URLs ending in "do" and leave the others open:
    <http auto-config="true">
    	<intercept-url pattern="/*.do" access="ROLE_USER" />
    	<intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    </http>
    
    In my case I want security applied to every URL.
    NOTE(review): everything in this comment is inert, including the sample http element above.
    -->
    
    
    <!-- Root-context security configuration (Spring Security 2.0 namespace): URL rules and an
         in-memory user list. -->
    <beans xmlns="http://www.springframework.org/schema/beans"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xmlns:security="http://www.springframework.org/schema/security"
           xsi:schemaLocation="http://www.springframework.org/schema/beans
                               http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
                               http://www.springframework.org/schema/security
                               http://www.springframework.org/schema/security/spring-security-2.0.xsd">
    
        <!-- Enables the @Secured annotation on bean methods. -->
        <security:global-method-security secured-annotations="enabled" />
        
        <!-- Every URL requires ROLE_USER; there is no anonymous exception.
             NOTE(review): auto-config="true" switches on several mechanisms at once, form login
             and HTTP Basic among them. For a SOAP-only service, declaring HTTP Basic alone would
             keep the exposed surface smaller; confirm which mechanisms are actually wanted. -->
        <security:http auto-config="true">
            <security:intercept-url pattern="/**" access="ROLE_USER" />
        </security:http>
    	
    	<!-- In-memory users.
    	     NOTE(review): the passwords are stored in clear text in a deployed file, so anyone who
    	     can read this file or the packaged application can authenticate, one account with
    	     ROLE_ADMIN. Keep credentials out of the configuration or store them hashed, and do not
    	     reuse values that have appeared in a public post. -->
    	<security:authentication-provider>
    		<security:user-service>
    			<security:user name="jimi" password="jimispassword" authorities="ROLE_USER, ROLE_ADMIN" />
    			<security:user name="bob" password="bobspassword" authorities="ROLE_USER" />
    			<security:user name="proyecto" password="pass4proyecto" authorities="ROLE_USER" />
    		</security:user-service>
    	</security:authentication-provider>
    
        <!-- Disabled alternative follows. It uses unsalted MD5 (password-encoder hash="md5"):
             MD5 is fast to compute, and unsalted digests of common passwords can be recovered by
             lookup. The block also lists the clear-text values next to the digests. If it is
             re-enabled, use a salted, stronger hash and drop the clear-text list.
             NOTE(review): it declares both jdbc-user-service and user-service in one provider;
             confirm which source is intended. -->
        <!-- <security:authentication-provider>
            <security:jdbc-user-service data-source-ref="dataSource" />
            
            
                david:newyork
                alex:newjersey
                tim:illinois
            
     
            <security:password-encoder hash="md5" />
            <security:user-service>
                <security:user name="david" password="369389d19e24204b4927e30dd7c39efc" authorities="ROLE_USER,ROLE_ADMIN" />
                <security:user name="alex" password="847c6f184197dc1545d9891d42814a7d" authorities="ROLE_USER" />
                <security:user name="tim" password="0513111ff330e25c631b5d3e9c0a4aae" authorities="ROLE_USER" />
            </security:user-service>
     
        </security:authentication-provider> -->
        
    </beans>

    I know that the "<ref bean="userDetailsService" />" generates the error I get, but I don't know how to solve it.

    Help me please!

  • #2
    First, your security file is not valid, your http section is before beans root tag? I'm not sure how this even compiles/validates.

    You don't need a userDetailsService unless you actually implement the UserDetails interface yourself in your model. If you don't, then you either have to specify the SQL or make sure your relational schema has both the user and authorities tables defined as in the documentation.

    Either way, all of this is in the docs. Let us know when you get further and if you need help figuring out something more specific.

    Ilya
