Announcement Announcement Module
No announcement yet.
Spring WS integration with LDAP server Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring WS integration with LDAP server


    I need to expose the functionality of the project thought web services. We want to use spring web services for that but my concern is how to integrate spring-ws with LDAP server for authentication? (When a client need to access our WS, the validity of the client is checked using a LDAP server by our web service). I saw some security in spring web service tutorial but nothing about LDAP server integration, and also the internet is very poor related to this. Please help...

    Thanks in advance!

  • #2
    From a high-level it doesn't matter... You should simply consider LDAP as another means to store your information so the only difference is (more or less) the fact that you don't use a database, file or whatever. I suggest taking a look at Spring Security and how to integrate that in Spring-WS.


    • #3
      I was thinking how to integrate spring-ws with spring LDAP. Maybe is not very clear from my recent post.
      Thanks for the suggestion.Looking what I can do with Spring Security.


      • #4
        I have some progress here. Still not working. I don't know how to catch incoming requests from client, extract UsernameTokens from the header and compare username and password with those from my LDAP server. I will poste my securityPolicy file from my client and WS configuration file:


        <xwss:SecurityConfiguration xmlns:xwss="">
        <xwss:RequireTimestamp maxClockSkew="60"
        timestampFreshnessLimit="300" />
        passwordDigestRequired="false" nonceRequired="false" />
        <xwss:Timestamp />
        <xwss:UsernameToken name="simpleUser" password="pass"
        digestPassword="false" useNonce="false" />

        Every request from my client will conatain UsernameToke in header.


        class=" wsSecurityInterceptor">
        <property name="policyConfiguration" value="/WEB-INF/securityPolicy.xml" />
        <property name="callbackHandlers">
        <ref bean="springSecurityHandler" />


        <bean id="springSecurityHandler"
        class=" allback.SpringPlainTextPasswordValidationCallbackH andler">
        <property name="authenticationManager" ref="authManager" />

        <s:authentication-manager alias="authManager">
        user-search-filter="(uid={0})" user-search-base="ou=users"
        group-search-filter="(uniqueMember={0})" group-search-base="ou=groups"
        group-role-attribute="cn" role-prefix="ROLE_">

        <s:ldap-server ldif="/WEB-INF/users.ldif" root="o=users" />

        As you cand see I tried a spring-security, spring-ws integration here.

        I'm using an embedded LDAP server. The output message is :

        SOAP Fault Code {}Client
        SOAP Fault String: com.sun.xml.wss.impl.WssSoapFaultException: Authentication of Username Password Token Failed; nested exception is com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.impl.WssSoapFaultException: Authentication of Username Password Token Failed
        Jun 5, 2012 4:33:44 PM ationContext doClose

        My user from policy file is in the LDAP server. Sincerly i don't know if this is the right way to do. It's first time when I work with spring-ws, and LDAP servers