
  • Basic Spring Web Service Authentication with database username/password

    Hi,
    I am looking for a simple example of a Spring Web Service that would serve the purpose of authentication through database login.

    I have started implementing Spring Security Interceptor such as:
    Code:
    <sws:interceptors>
    		<bean id="validatingInterceptor"
    			class="org.springframework.ws.soap.server.endpoint.interceptor.PayloadValidatingInterceptor"
    			p:schema="/WEB-INF/xsd/login.xsd" p:validateRequest="true"
    			p:validateResponse="true" />
    		<bean id="loggingInterceptor" class="org.springframework.ws.server.endpoint.interceptor.PayloadLoggingInterceptor" />
    		<bean class="org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor">
    			<property name="policyConfiguration" value="/WEB-INF/securityPolicy.xml" />
    			<property name="callbackHandlers">
    				<list>
    					<ref bean="callbackHandler" />
    				</list>
    			</property>
    		</bean>
    	</sws:interceptors>
    
    	<bean id="callbackHandler" class="org.springframework.ws.soap.security.xwss.callback.SpringPlainTextPasswordValidationCallbackHandler">
    		<property name="authenticationManager" ref="authenticationManager" />
    	</bean>
    Then I created my custom authenticationManager class that implements AuthenticationProvider where I actually want to ping the database with datasource injected with username/password retrieved from the SOAP request. I use UserCredentialsDataSourceAdapter for that.

    I have also created my securityPolicy.xml as:
    Code:
    <xwss:SecurityConfiguration xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
    	<xwss:RequireTimestamp maxClockSkew="60"
    		timestampFreshnessLimit="300" />
    	<xwss:RequireUsernameToken
    		passwordDigestRequired="false" nonceRequired="false" />
    
    	<xwss:Timestamp />
    	<!-- ????????????????? How to return a generated token id here -->
    	<xwss:UsernameToken
    		digestPassword="true" useNonce="true" />
    </xwss:SecurityConfiguration>
    I am having a hard time getting all those mappings set up, meaning retrieving the username/password from the SOAP request and passing it to my authenticationManager.
    Finally, once the login is validated, I'd like to return a token id as part of the SOAP response.

    Thanks for the help!
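
An added example, not part of the original post and not the poster's code: one way to write the AuthenticationProvider described above, which validates the username/password from the UsernameToken by opening a database connection through UserCredentialsDataSourceAdapter. The class name `DatabaseLoginAuthenticationProvider` and the `ROLE_USER` authority are assumptions made for illustration.

```java
import java.sql.Connection;
import java.sql.SQLException;
import org.springframework.jdbc.datasource.UserCredentialsDataSourceAdapter;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;

// Hypothetical class: a login is valid if the database accepts it as a connection login.
public class DatabaseLoginAuthenticationProvider implements AuthenticationProvider {

    private final UserCredentialsDataSourceAdapter dataSource;

    public DatabaseLoginAuthenticationProvider(UserCredentialsDataSourceAdapter dataSource) {
        this.dataSource = dataSource;
    }

    @Override
    public Authentication authenticate(Authentication auth) {
        String username = auth.getName();
        Object credentials = auth.getCredentials();
        // Reject empty values before touching the database: with an empty username the
        // adapter delegates to the target's no-argument getConnection(), i.e. default credentials.
        if (username == null || username.isEmpty()
                || credentials == null || credentials.toString().isEmpty()) {
            throw new BadCredentialsException("Missing username or password");
        }
        try (Connection c = dataSource.getConnection(username, credentials.toString())) {
            if (!c.isValid(5)) {
                throw new AuthenticationServiceException("Database connection not valid");
            }
        } catch (SQLException e) {
            // SQLSTATE class 28 is "invalid authorization specification"; whether a driver
            // reports it is driver specific (assumption). Every failure path rejects the login.
            String state = e.getSQLState();
            if (state != null && state.startsWith("28")) {
                throw new BadCredentialsException("Invalid username or password");
            }
            throw new AuthenticationServiceException("Could not verify credentials", e);
        }
        // Do not keep the password in the authenticated token.
        return new UsernamePasswordAuthenticationToken(
                username, null, AuthorityUtils.createAuthorityList("ROLE_USER"));
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
    }
}
```

Register the provider in a ProviderManager exposed as the `authenticationManager` bean that the `callbackHandler` above references. With `passwordDigestRequired="false"` the password arrives in plain text in the SOAP header, so the endpoint should only be reachable over TLS.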

  • #2
    Can you post your authenticationManager configuration and also the Java code for it?
