Providing security for Restful Web Services into existing Spring security 3.1 -
hi going integrate authentication restful web services in web application. integrate spring security 3.1 entire application , working good; confused , stuck, how integrate security web services in existing application? here existing security configuration authentication , authorization.
securityapplicationcontext.xml :
<beans:bean id="myaccessdecisionmanager" class="com.security.repository.myaccessdecisionmanager"> <beans:property name="customauthenticatiuonservice" ref="customauthenticatiuonserviceimpl"> </beans:property> </beans:bean> <http auto-config="true" once-per-request="true" access-decision-manager-ref="myaccessdecisionmanager" access-denied-page="/jsp/errorpage.jsp"> <intercept-url pattern="/*.web" access="role_anonymous" /> <intercept-url pattern="productsservice/*.web" access="role_admin" /> <!-- override default login , logout pages --> <form-login login-page="/login.works" login-processing-url="/j_spring_security_check" default-target-url="/login/validate.works" authentication-failure-url="/login.works?login_error=1" /> <logout logout-url="/j_spring_security_logout" logout-success-url="/login.works" invalidate-session="true" /> <session-management invalid-session-url="/login.works" session-fixation-protection="newsession"> <concurrency-control max-sessions="100" error-if-maximum-exceeded="false" /> </session-management> </http> <authentication-manager> <authentication-provider ref="customauthenticationprovider"></authentication-provider> </authentication-manager> <beans:bean id="customauthenticationprovider" class="com.security.repository.customauthenticationprovider"> <beans:property name="customauthenticatiuonservice" ref="customauthenticatiuonserviceimpl"> </beans:property> </beans:bean> <beans:bean id="customauthenticatiuonserviceimpl" class="com.service.impl.customauthenticatiuonserviceimpl"> <beans:property name="customauthenticationdao" ref="customauthenticationdaotarget"> </beans:property> </beans:bean> <beans:bean id="customauthenticationdaotarget" class="com.dao.impl.customauthenticatiuondaoimpl"> <beans:property name="hibernatetemplate" ref="cesshibernatetemplate"/> </beans:bean> now looking secure web services follows:
my web service:
@component @path("/productsservice") //@requestmapping("/productsservice") @scope("request") @controller public class productscontroller { @autowired private productsservice products; @get @path("/getproductslist.lbt") // @requestmapping("/getproductslist.lbt") @produces("text/plain") public string getproductslist() { return products.getproductslist(); } } @service("products") public class productsservice { @secured("role_admin") public string getproductslist() { return "test string rest web service"; } } and last client class:
public static void main(string[] args) { client c = client.create(); // plain text webresource r = c .resource("http://localhost:8080/productsservice/getproductslist.web"); c.addfilter(new httpbasicauthfilter("admin", "admin")); c.setfollowredirects(false); system.out.println("plain text=>> " + r.get(string.class)); } i using customauthenticationmanager , myaccessdecisionmanger authentication , authorization of user. when use @path annotation on controller , debug debugger not go controller , throws error 402 not found , when use @requestmapping goes when returning controller error @ client side 302 found. how resolve this? please me. in advance.
you should use 2 http tags. 1 web application , other 1 rest api. let's say, can use entry point web/** web app , entry point api/** rest api. propaply want secure api http basic, web app should work form login (that uses java session) , rest api http basic authentication. rest apis better secured oauth 2, depending on size or audience of application overkill.
Comments
Post a Comment