Announcement Announcement Module
Collapse
No announcement yet.
How to implement different ways of authentication Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • How to implement different ways of authentication

    Hi,

    I'm using the current release of spring (3.0.5) ans spring security for my webapplication.
    The application can be called from two different ways:
    1. PreAuthenticatedAuthenticationProvider: the request contains an "iv-user" parameter with the username of the current user (already authenticated by another application) - this way works fine.
    2. Webservice call: until now this call was not secured and workes also fine, but from now the security should be handled by spring security using basic authentication.

    I don't know how to configure spring security in the server application depending on the URI. I've already tried this:
    Code:
    <beans:bean id="springSecurityFilterChain" class="org.springframework.security.web.FilterChainProxy" >
    	  <filter-chain-map path-type="ant">
    	     <filter-chain pattern="/pages/**" filters="
    	        preAuthenticatedProcessingFilter,
    	        exceptionTranslationFilter,
             	filterSecurityInterceptor" />
    	     <filter-chain pattern="/webservice/**" filters="
    			basicAuthenticationFilter,
    			filterSecurityInterceptor"/>
    	  </filter-chain-map>
    	</beans:bean>
    But I don't know how to proceed, to secure the webservice with basic authentication, e.g where to define the username and password.


    Thanks for your help,
    Sam

  • #2
    A follow-up question.

    For the web service, are you using REST-based or SOAP-based? For SOAP (which I assume you do), you should use WS-Security or create a custom username tokens in the SOAP header.

    Comment

    Working...
    X