
  • Authentication with JAXB or SOAP

    Hello,

    I am developing a modular webapp. One part of it is a JSF webapp, the frontend, which contains only views with controllers and a service layer (REST client and SOAP client), running on JBoss. Another part, the backend, provides web services (REST server, SOAP services) and holds the connection to the database. The frontend has no possibility to connect to a database.

    My question/problem:

    Authentication has to be performed from a login page (frontend) via REST service or SOAP to the backend. The backend has to connect to the database to check the credentials, to return the result to the frontend, and store it in the session. In a single webapp this is not a problem. There I use a security-config.xml like this:

    Code:
    <security:http auto-config="true">
        <security:form-login login-page="/app/main" default-target-url="/app/account" />
        <security:logout logout-url="/app/logout" logout-success-url="/app/main" />
    </security:http>

    <security:authentication-manager>
        <security:authentication-provider user-service-ref="userService">
            <security:password-encoder ref="encoder" />
        </security:authentication-provider>
    </security:authentication-manager>

    <bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
        <property name="userDetailsService" ref="userService" />
        <property name="hideUserNotFoundExceptions" value="false" />
    </bean>

    <bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
        <constructor-arg>
            <ref bean="daoAuthenticationProvider" />
        </constructor-arg>
    </bean>

    <bean id="encoder" class="org.springframework.security.authentication.encoding.ShaPasswordEncoder">
        <constructor-arg value="512"/>
    </bean>
    In bean.xml:

    Code:
    <bean id="userAuthenticationProviderService" class="de.relo.services.impl.UserAuthenticationProviderServiceImpl">
        <property name="authenticationManager" ref="authenticationManager" />
    </bean>
    and a Java class:

    Code:
    ...
        private AuthenticationManager authenticationManager;
    
        public AuthenticationManager getAuthenticationManager() {
            return authenticationManager;
        }
    
        public void setAuthenticationManager(AuthenticationManager authenticationManager) {
            this.authenticationManager = authenticationManager;
        }
    
        /**
         * {@inheritDoc}
         */
        @Override
        public boolean processUserAuthentication(UserEntity user) {
    
            try {
                Authentication request = new UsernamePasswordAuthenticationToken(user.getUserName(), user.getPassword());
                Authentication result = authenticationManager.authenticate(request);
                SecurityContextHolder.getContext().setAuthentication(result);
                return true;
            } catch (AuthenticationException ex) {
                FacesContext.getCurrentInstance().addMessage(null, new FacesMessage(FacesMessage.SEVERITY_ERROR, ex.getMessage(), "Sorry"));
                return false;
            }
        }
    I don't know how I get it working via JAXB or SOAP. For example:

    Backend REST class :

    Code:
    import java.io.StringReader;
    import javax.xml.bind.JAXB;

    public class UserAuthServiceImpl implements RestUserAuthService {

        @Override
        public Response login(final String xmlRequestString) {

            // JAXB.unmarshal(String, Class) treats the String as a URI or file name,
            // so the XML text is wrapped in a Reader to be parsed as content.
            Request request = JAXB.unmarshal(new StringReader(xmlRequestString), Request.class);
            UserAuthRequest userAuthRequest = request.getAuthRequest(); // contains username and password

            UserAuthUtil util = new UserAuthUtilImpl();
            UserAuthResponse userAuthResponse = util.login(userAuthRequest);

            Response response = new Response();
            response.setAuthResponse(userAuthResponse);

            return response;
        }
    }
    and in the UserAuthUtilImpl class:

    Code:
        @Override
        public UserAuthResponse login(final UserAuthRequest userAuthRequest) {
            String username = userAuthRequest.getUsername();
            String password = userAuthRequest.getPassword();
            UserAuthResponse userAuthResponse = new UserAuthResponse();
            userAuthResponse.setSuccess(authenticate(username, password));
            return userAuthResponse;
        }

        private boolean authenticate(final String username, final String password) {
            Authentication auth = new UsernamePasswordAuthenticationToken(username, password);
            Authentication authResult = authenticationManager.authenticate(auth);
            SecurityContextHolder.getContext().setAuthentication(authResult);
            boolean success = authResult.isAuthenticated();
            return success;
        }
    The backend doesn't need (I think so) this in security-config.xml:

    Code:
    <security:http auto-config="true">
        <security:form-login login-page="/app/main" default-target-url="/app/account" />
        <security:logout logout-url="/app/logout" logout-success-url="/app/main" />
    </security:http>

    If I understand Spring Security right, if a user is authenticated successfully, the user credentials are stored in the session. But how do I put the credentials in the session if I get only true or false from the backend, because I can't store the SecurityContextHolder via JAXB from the backend to the frontend?

    Greetings