Providing security for Restful Web Services into existing Spring security 3.1 -


hi going integrate authentication restful web services in web application. integrate spring security 3.1 entire application , working good; confused , stuck, how integrate security web services in existing application? here existing security configuration authentication , authorization.

securityapplicationcontext.xml :

<beans:bean id="myaccessdecisionmanager"         class="com.security.repository.myaccessdecisionmanager">         <beans:property name="customauthenticatiuonservice" ref="customauthenticatiuonserviceimpl"> </beans:property>     </beans:bean>      <http auto-config="true" once-per-request="true"         access-decision-manager-ref="myaccessdecisionmanager" access-denied-page="/jsp/errorpage.jsp">          <intercept-url pattern="/*.web" access="role_anonymous" /> <intercept-url pattern="productsservice/*.web" access="role_admin" />          <!-- override default login , logout pages -->         <form-login login-page="/login.works" login-processing-url="/j_spring_security_check"             default-target-url="/login/validate.works"             authentication-failure-url="/login.works?login_error=1" />         <logout logout-url="/j_spring_security_logout"             logout-success-url="/login.works" invalidate-session="true" />          <session-management invalid-session-url="/login.works"             session-fixation-protection="newsession">             <concurrency-control max-sessions="100"                 error-if-maximum-exceeded="false" />         </session-management>     </http>      <authentication-manager>         <authentication-provider ref="customauthenticationprovider"></authentication-provider>     </authentication-manager>      <beans:bean id="customauthenticationprovider"         class="com.security.repository.customauthenticationprovider">         <beans:property name="customauthenticatiuonservice" ref="customauthenticatiuonserviceimpl"> </beans:property>     </beans:bean>      <beans:bean id="customauthenticatiuonserviceimpl"         class="com.service.impl.customauthenticatiuonserviceimpl">         <beans:property name="customauthenticationdao" ref="customauthenticationdaotarget"> </beans:property>     </beans:bean>      <beans:bean id="customauthenticationdaotarget" class="com.dao.impl.customauthenticatiuondaoimpl">         <beans:property name="hibernatetemplate" ref="cesshibernatetemplate"/>     </beans:bean> 

now looking secure web services follows:

my web service:

@component @path("/productsservice") //@requestmapping("/productsservice") @scope("request") @controller public class productscontroller {      @autowired     private productsservice products;      @get     @path("/getproductslist.lbt") //  @requestmapping("/getproductslist.lbt")     @produces("text/plain")     public string getproductslist() {         return products.getproductslist();     } }   @service("products") public class productsservice {      @secured("role_admin")     public string getproductslist() {                return "test string rest web service";     } } 

and last client class:

public static void main(string[] args) {         client c = client.create();      // plain text     webresource r = c             .resource("http://localhost:8080/productsservice/getproductslist.web");     c.addfilter(new httpbasicauthfilter("admin", "admin"));     c.setfollowredirects(false);     system.out.println("plain text=>> " + r.get(string.class));  } 

i using customauthenticationmanager , myaccessdecisionmanger authentication , authorization of user. when use @path annotation on controller , debug debugger not go controller , throws error 402 not found , when use @requestmapping goes when returning controller error @ client side 302 found. how resolve this? please me. in advance.

you should use 2 http tags. 1 web application , other 1 rest api. let's say, can use entry point web/** web app , entry point api/** rest api. propaply want secure api http basic, web app should work form login (that uses java session) , rest api http basic authentication. rest apis better secured oauth 2, depending on size or audience of application overkill.


Comments

Popular posts from this blog

How to mention the localhost in android -

php - Calling a template part from a post -

c# - String.format() DateTime With Arabic culture -