Announcement Announcement Module
No announcement yet.
Adding Spring-WS security to my existing webservices Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Adding Spring-WS security to my existing webservices


    We have a set of webservices that are hosted on our app and they are currently consumed by webservice clients using Basic HTTP Auth. We are also planning to support WS-Security in addition to the Basic Auth. This means, the clients have an option to send a SOAP request with Basic Auth or use WS-Security. I am trying to set up an EndPointInterceptor, not sure how to proceed. Any ideas would be helpful?

    Some suggestions I have :

    1) Include the XwsSecurityInterceptor first in the interceptor list with skipValidationIfNoHeaderPresent = true; this will skip the WS request if it does not find any WS-Security headers.
    2) Include my own implementation of Interceptor that cracks open the HttpHeader, extracts the password/username and does an authentication against some kind of authentication manager.

    Is this the right approach?