At work, I came across the problem of adding basic HTTP authentication to a web service. The following Spring Security configuration would work:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:s="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           classpath:/schemas/spring-beans-2.5.xsd
                           http://www.springframework.org/schema/security
                           classpath:/schemas/spring-security-2.5.xsd">

    <s:http auto-config="false">
        <s:form-login />
        <s:anonymous />
        <s:http-basic />
        <s:logout />

        <!-- List of web services to intercept for security check -->
        <s:intercept-url pattern="/services/OrderService"
                         method="POST" access="ROLE_APPL_ORDER_SYSTEM" />

        <!--
            Essentially no security for all other URLs since everything is
            granted to Anonymous
        -->
        <s:intercept-url pattern="/**"
                         access="IS_AUTHENTICATED_ANONYMOUSLY" />
    </s:http>

    <!-- LDAP authentication provider configuration -->
    <s:ldap-server url="ldap://ldap.myserver.org:389" />
    <s:ldap-authentication-provider
        user-search-base="OU=People,O=javaidiot.org" user-search-filter="uid={0}"
        group-search-base="OU=Groups,O=javaidiot.org" group-search-filter="uniquemember={0}"
        group-role-attribute="CN" />
</beans>

Note: Both authentication and authorization are being done above; the user account has to exist in the LDAP server with the role APPL_ORDER_SYSTEM. In the configuration, pay attention to the "ROLE_" prepended to the actual role, because I think it is the required convention.
In your Web Service client, you can do this:
((BindingProvider) port).getRequestContext().put(BindingProvider.USERNAME_PROPERTY, "username");
((BindingProvider) port).getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, "password");
Here is the remaining context setup for the Spring web service:

<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:ws="http://jax-ws.dev.java.net/spring/core"
       xmlns:wss="http://jax-ws.dev.java.net/spring/servlet"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:aop="http://www.springframework.org/schema/aop"
       xsi:schemaLocation="
           http://www.springframework.org/schema/beans
           classpath:/schemas/spring-beans-2.5.xsd
           http://www.springframework.org/schema/aop
           classpath:/schemas/spring-aop-2.5.xsd
           http://jax-ws.dev.java.net/spring/core
           classpath:/schemas/core.xsd
           http://jax-ws.dev.java.net/spring/servlet
           classpath:/schemas/servlet.xsd">

    <!-- OrderService -->
    <wss:binding url="/services/OrderService">
        <wss:service>
            <ws:service bean="#orderServiceImpl">
            </ws:service>
        </wss:service>
    </wss:binding>

    <bean id="orderServiceImpl"
          class="org.javaidiot.impl.OrderServiceImpl" />
</beans>

Here is the web.xml:

<!DOCTYPE web-app PUBLIC
    "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd" >
<web-app>
    <display-name>Archetype Created Web Application</display-name>

    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <servlet>
        <servlet-name>dispatch</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <!-- OrderService -->
    <servlet>
        <servlet-name>OrderService</servlet-name>
        <display-name>OrderService</display-name>
        <description>Order Service</description>
        <servlet-class>com.sun.xml.ws.transport.http.servlet.WSSpringServlet</servlet-class>
        <load-on-startup>2</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>OrderService</servlet-name>
        <url-pattern>/services/OrderService</url-pattern>
    </servlet-mapping>

    <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>
</web-app>

To enable SSL on Tomcat, you will need a key pair. You can buy one, get one, or use the Java keytool to generate one yourself. Then go to server.xml and adapt the following line:

<Connector SSLEnabled="true" clientAuth="false"
           keystoreFile="C:/my_identity.jks" keystorePass="changeit"
           maxThreads="150" port="8443" protocol="HTTP/1.1"
           scheme="https" secure="true" sslProtocol="TLS"
           truststoreFile="C:/my_client_trust_to_other_server.jks" truststorePass="changeit"/>

Note that your web service client will now need the following VM arguments to start:
-Djavax.net.ssl.trustStore="C:\my_client_trust.jks"
-Djavax.net.ssl.trustStorePassword=changeit
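
Nothing in the Spring Security configuration above ties the Basic-authenticated service URL to the SSL connector, so the credentials (which HTTP Basic only Base64-encodes) would also be accepted on any plain HTTP connector that is still enabled. The following added example, not part of the original post, restricts that URL to HTTPS with the Spring Security namespace's `requires-channel` attribute and `port-mappings` element; the plain HTTP port 8080 is an assumption.

```xml
<!-- Added example, not from the original post.
     Assumption: Tomcat's plain HTTP connector listens on 8080;
     8443 is the SSL connector configured in server.xml above. -->
<s:http auto-config="false">
    <s:form-login />
    <s:anonymous />
    <s:http-basic />
    <s:logout />

    <!-- Before: the role check applies, but the Basic credentials are
         accepted on every connector, including plain HTTP:

    <s:intercept-url pattern="/services/OrderService"
                     method="POST" access="ROLE_APPL_ORDER_SYSTEM" />
    -->

    <!-- After: same role check, and the URL is only served over HTTPS -->
    <s:intercept-url pattern="/services/OrderService"
                     method="POST" access="ROLE_APPL_ORDER_SYSTEM"
                     requires-channel="https" />

    <!-- Everything else stays open to anonymous users, as in the original -->
    <s:intercept-url pattern="/**"
                     access="IS_AUTHENTICATED_ANONYMOUSLY" />

    <!-- Tells the channel filter which HTTPS port belongs to which HTTP
         port when it redirects a plain HTTP request -->
    <s:port-mappings>
        <s:port-mapping http="8080" https="8443" />
    </s:port-mappings>
</s:http>
```

With this in place, the client's endpoint address has to be the https:// URL on port 8443; a request to the plain HTTP port is redirected instead of being served.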