wood burning stoves 2.0*
The moose likes Web Services and the fly likes WS-SECURITY Authentication design issue Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Web Services
Bookmark "WS-SECURITY Authentication design issue" Watch "WS-SECURITY Authentication design issue" New topic
Author

WS-SECURITY Authentication design issue

Mat Anthony
Ranch Hand

Joined: May 21, 2008
Posts: 232
Hi All,
I have developed a simple spring webservice with Castor. I configured the project to introduce WS-Security using the following:-


My userDetailsService class extends abstract class org.springframework.security.core.userdetails.UserDetailsService
and I implement the following:-


Since my application does not use SSO how can I get the password to validate against the user. Once the user has been succ validated
I can then setup the users Roles. Is this a correct approach?

Mat


Mat Anthony
Ranch Hand

Joined: May 21, 2008
Posts: 232
Hi All,
resolved the password issue. Within SpringPlainTextPasswordValidationCallbackHandler it validates the password within UserDetailsVO (i.e. from the database)
with that passed in within the request soap envelope wsse usernameToken.
I'm now starting to look at Certificate Authentication using a KeyStoreCallbackHandler (i.e. associated with truststore) along with my current implemetaion of authenticationManager.

Mat
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: WS-SECURITY Authentication design issue
 
Similar Threads
Security Role Mapping in Spring Security.
"Spring Security Application" Initiated by Apache
No AuthenticationEntryPoint could be established
Spring security multiple login pages
Spring security using database