This week's book giveaway is in the Cloud/Virtualization forum.
We're giving away four copies of AWS Security and have Dylan Shields on-line!
See this thread for details.
Win a copy of AWS Security this week in the Cloud/Virtualization forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Paul Clapham
  • Jeanne Boyarsky
  • Junilu Lacar
  • Henry Wong
Sheriffs:
  • Ron McLeod
  • Devaka Cooray
  • Tim Cooke
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Frits Walraven
  • Tim Holloway
  • Carey Brown
Bartenders:
  • Piet Souris
  • salvin francis
  • fred rosenberger

WS-SECURITY Authentication design issue

 
Ranch Hand
Posts: 265
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,
I have developed a simple spring webservice with Castor. I configured the project to introduce WS-Security using the following:-


My userDetailsService class extends abstract class org.springframework.security.core.userdetails.UserDetailsService
and I implement the following:-


Since my application does not use SSO how can I get the password to validate against the user. Once the user has been succ validated
I can then setup the users Roles. Is this a correct approach?

Mat


 
Mat Anthony
Ranch Hand
Posts: 265
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,
resolved the password issue. Within SpringPlainTextPasswordValidationCallbackHandler it validates the password within UserDetailsVO (i.e. from the database)
with that passed in within the request soap envelope wsse usernameToken.
I'm now starting to look at Certificate Authentication using a KeyStoreCallbackHandler (i.e. associated with truststore) along with my current implemetaion of authenticationManager.

Mat
 
My name is Inigo Montoya, you killed my father, prepare to read a tiny ad:
Devious Experiments for a Truly Passive Greenhouse!
https://www.kickstarter.com/projects/paulwheaton/greenhouse-1
    Bookmark Topic Watch Topic
  • New Topic