Announcement Announcement Module
Collapse
No announcement yet.
Secured SOAP Header for Selected Functions Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Secured SOAP Header for Selected Functions

    I am trying to add security to an existing web service. I currently have several functions that are unsecured and I want to have versions of those same functions that are secured to allow calling applications to migrate to the new versions over time. The only thing that will differentiate the two sets of functions will be namespace. I would like the original set of functions to not require a secured SOAP header and the new functions to require a secured SOAP header.

    I have a logging interceptor and security interceptor configured in my spring-ws-servlet and I've implemented Spring security as standard for the versions that I'm using. What I'm seeing when trying to test my application from soapUI is that all of the functions are requiring a secured SOAP header. Is there a way to require a secured SOAP header for some functions but not for others? I've included the configuration included in the spring-ws-servlet below. I am aware of how to use the @Secured annotation but I don't think I'm even getting to that point. I am currently using spring-3.0.3, spring-security-2.0.4, and spring-ws-1.5.9.

    Thanks in advance for your help!

    <code>
    <bean class="org.springframework.ws.server.endpoint.mapp ing.PayloadRootAnnotationMethodEndpointMapping">
    <description>An endpoint mapping strategy that looks for @Endpoint and @PayloadRoot annotations.</description>
    <property name="interceptors">
    <list>
    <ref local="loggingInterceptor"/>
    <!-- <ref local="validatingInterceptor"/> -->
    <!-- <ref local="performanceLoggingInterceptor"/>-->
    <ref bean="securityInterceptor"/> <!-- MAKE THIS ONE LAST, NOT NECESSARY, BUT NICE -->
    </list>
    </property>
    </bean>

    <bean id="loggingInterceptor" class="org.springframework.ws.server.endpoint.inte rceptor.PayloadLoggingInterceptor" />

    <!-- Web Service Security Intercepter -->
    <bean id="securityInterceptor" class="org.springframework.ws.soap.security.wss4j. Wss4jSecurityInterceptor">
    <property name="validationActions" value="UsernameToken"/>
    <property name="validationCallbackHandler" ref="springSecurityHandler" />
    </bean>
    </code>

  • #2
    Sorry here is the code formatted correctly...

    Code:
    <bean class="org.springframework.ws.server.endpoint.mapp ing.PayloadRootAnnotationMethodEndpointMapping">
    <description>An endpoint mapping strategy that looks for @Endpoint and @PayloadRoot annotations.</description>
    <property name="interceptors">
    <list>
    <ref local="loggingInterceptor"/>
    <!-- <ref local="validatingInterceptor"/> -->
    <!-- <ref local="performanceLoggingInterceptor"/>-->
    <ref bean="securityInterceptor"/> <!-- MAKE THIS ONE LAST, NOT NECESSARY, BUT NICE -->
    </list>
    </property>
    </bean>
    
    <bean id="loggingInterceptor" class="org.springframework.ws.server.endpoint.inte rceptor.PayloadLoggingInterceptor" />
    
    <!-- Web Service Security Intercepter -->
    <bean id="securityInterceptor" class="org.springframework.ws.soap.security.wss4j. Wss4jSecurityInterceptor">
    <property name="validationActions" value="UsernameToken"/> 
    <property name="validationCallbackHandler" ref="springSecurityHandler" />
    </bean>

    Comment


    • #3
      It is very useful...code

      Comment

      Working...
      X