Announcement Announcement Module
No announcement yet.
How to make web service secured Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • How to make web service secured

    Hi All,
    I am currently struggling to make an web service "secured" using spring framework. Using JAAS I can make it "secured" but with Spring I do not know how to make it "secured" (i.e. authenticated by valid username/password ).

    Can anyone please put me into right direction?
    I followed the steps as specified in this link: - which is :

    With JAX-WS 2.0 annotation I have exposed an EJB as web service.
    The WSDL and other portable artifacts have been generated properly.

    In my applicationContext-security.xml file I have specified the required binding - like:
    <wss:binding url="/ApiUserService/ApiUserBean">
    <ws:service bean="#ejbWebService"/>

    <beans:bean id="ejbWebService" class=""/>

    I have defined the filter: "org.springframework.web.filter.DelegatingFilterPr oxy" in my web.xml file properly so that Spring handle all requests coming to the web application through it.

    I have implemented my AuthenticationSecurityFilter extending from ernamePasswordAuthenticationFilter and specified that filter appropriately in applicationContext-security.xml file.

    I can access the WSDL and web service but how do I make this web service "secured" so that when client will access it with username/password, spring will authenticate it using my Security filter?

    I am new in webservice area - so may be some basic steps I am missing.
    Can anyone please give me any suggestion?
    I am totally stuck on this..

    Thanks a lot in advance.

    I have created a basicAuthenticationFilter like shown below - but it does not look like getting invoked when a WS client tries to invoke the web service method.
    The webservice method is annotated with @RolesAllowed("MyRole") - but web service context always gets the username = ANONYMOUS
    Any idea what is happening there?

    <beans:bean id="basicAuthenticationFilter"
    class=" tion.www.BasicAuthenticationFilter">
    <beansroperty name="authenticationManager" ref="authenticationManagerAlias"/>
    <beansroperty name="authenticationEntryPoint" ref="authenticationEntryPoint"/>
    <beans:bean id="authenticationEntryPoint"
    class=" tion.www.BasicAuthenticationEntryPoint">
    <beansroperty name="realmName" value="MyRole"/>
    Last edited by kuntalm; Oct 13th, 2010, 05:52 PM. Reason: Added more content