Spring Security OAuth with Spring Web Services

  • Spring Security OAuth with Spring Web Services

    Is it possible to secure Spring Webservices with Spring Security OAuth? I've read somewhere (http://static.springsource.org/sprin...y.html#d5e2241) that Spring Security supports Spring Webservices, but I'm not sure if OAuth would work too. If it does, do you have any examples you can point me to?

    I was thinking of implementing a WSDL/SOAP Web Service and securing it using OAuth, so if you could point me in the right direction it would be nice.
    Last edited by petersaints; Nov 6th, 2012, 10:16 AM.

  • #2
    There's nothing special about OAuth. I doubt if you'll find any examples specifically of what you want, but all you really need is a <oauth:resource-server/> (assume OAuth2) and the Spring Security filter chain in your service config. Any examples you find of using Spring Security should work fine.



    • #3
      Exactly. I thought that might work. Today I was able to configure the Spring WS Tutorial to use Spring Security In Memory implementation. I haven't tried OAuth yet... but a doubt arises. OAuth makes authentication based on HTTP headers (the `Authorization: bearer <TOKEN>` thing) and WSDL/SOAP web services use XML elements on the SOAP message header for authentication.

      So if I do a request without the security header filled up but with a valid Access Token in the header of the HTTP request, would it authenticate correctly? Because I really doubt that the Spring Security OAuth will work with the SOAP security headers, which have no direct way of expressing authentication with a single token.



      • #4
        The OAuth spec only recommends that you use a header for authentication and that's the default strategy in Spring OAuth. You could do it any way you like, but in any case your clients are going to have to know about it.

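The setup suggested in reply #2, sketched as Spring XML configuration (an added example, not posted by anyone in the thread). The `/ws/**` pattern, the bean ids and the `resource-id` value are assumptions, and the class names are those of Spring Security OAuth 1.0.x.

```xml
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:sec="http://www.springframework.org/schema/security"
       xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans.xsd
         http://www.springframework.org/schema/security
         http://www.springframework.org/schema/security/spring-security.xsd
         http://www.springframework.org/schema/security/oauth2
         http://www.springframework.org/schema/security/spring-security-oauth2.xsd">

  <!-- Assumed prerequisites, defined elsewhere:
       1. web.xml maps a DelegatingFilterProxy named springSecurityFilterChain
          over the URL of the Spring-WS MessageDispatcherServlet.
       2. An authentication-manager is already declared (for example the
          in-memory setup mentioned in reply #3). -->

  <!-- Filter chain for the SOAP endpoint (assumed to live under /ws/).
       Stateless: every request must carry its own access token. -->
  <sec:http pattern="/ws/**" create-session="never"
            entry-point-ref="oauthEntryPoint">
    <sec:anonymous enabled="false"/>
    <sec:intercept-url pattern="/ws/**" access="IS_AUTHENTICATED_FULLY"/>
    <!-- The resource-server filter reads the bearer token from the HTTP
         request; it never parses the SOAP envelope. -->
    <sec:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER"/>
  </sec:http>

  <!-- Creates the filter that validates incoming access tokens -->
  <oauth:resource-server id="resourceServerFilter"
                         resource-id="soap-service"
                         token-services-ref="tokenServices"/>

  <!-- Answers 401 with a WWW-Authenticate header when the token is missing
       or invalid -->
  <bean id="oauthEntryPoint"
        class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint"/>

  <!-- The token store must be the one the authorization server writes to;
       an in-memory store only works when both run in the same application -->
  <bean id="tokenStore"
        class="org.springframework.security.oauth2.provider.token.InMemoryTokenStore"/>
  <bean id="tokenServices"
        class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
    <property name="tokenStore" ref="tokenStore"/>
  </bean>
</beans>
```

Because this check runs in the servlet filter chain, it is independent of anything in the SOAP header. If a WS-Security interceptor is also configured on the endpoint, that interceptor still applies its own checks to the SOAP message.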