Monday, 15 September 2014

authentication - Adding Spring Security @Secured annotation with the Spring Web Service disables Web Service endpoint -



authentication - Adding Spring Security @Secured annotation with the Spring Web Service disables Web Service endpoint -

problem: when add together @secured annotation @ web service method, endpoint disabled means no endpoint mapping found error when invoking ws endpoint.

background: spring web service secured authenticate consumers using usernametoken , timestamp works absolutely fine until add together @secured enforce role based authorization. interceptors configured in spring-ws-servlet.xml using <sws:interceptors>. framework versions:

spring ws: 2.0.5.release spring ws security: 2.0.5.release spring security: 3.0.7.release wss4j: 1.5.12

here's sample of i'm trying do.

endpoint: ... @endpoint public class xyzendpoint implements xyzservice{ @override @payloadroot(localpart = xyz_request, namespace = namespace_xyz) //@secured({"role_xyz"}) public xyzresponse producexyz(xyzrequest request) { ... homecoming new xyzresponse(); } } ...

i using global-method-security below enable @secured annotation described spring docs.

spring-ws-servlet.xml ... <security:global-method-security secured-annotations="enabled" /> ....

i got same issue , able prepare

<security:global-method-security proxy-target-class="true" secured-annotations="enabled"/>

authentication soap spring-security authorization spring-ws

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)