Implementing Security for Java Web Services with Spring and Apache CXF

Question

Implementing Security for Java Web Services with Spring and Apache CXF

I have an application running on Java Spring 3. My application uses RESTful and Spring Security services for security. It has a user table and validates user credentials. I applied the web service features to my application (one of the client web services instead of RESTful services). If possible, I want to use the same authentication mechanism and want to find this database and allow only one user (now for the administrator) to communicate with my web services server.

Should I follow just like my RESTful authentication, or is there an authentication and security mechanism for Java web services in Spring (for example, how to deal with logging out, how to enable the logging mechanism for web services client-server communication)

PS: I am using Apache-CXF.

+4

java authentication spring-security cxf

kamaci Jun 04 '12 at 17:00

source share

2 answers

You can put the security token in the HTTP header that you send to REST, which REST decodes and validates based on the administrative location.

0

dardo Jun 04 '12 at 18:26

source share

sourcedelica · Accepted Answer · 2012-06-04T22:11:31+0000

Two possible ways:

Place a BasicAuthenticationFilter or DigestAuthenticationFilter in front of your CXF servlet.
Use WS-Security UsernamePasswordToken with CXF and write a CallbackHandler that: a) creates a UsernamePasswordAuthenticationToken, b) calls authentication Manager.authenticate () and c) stores the authentication in the SecurityContextHolder.

Please note that the above does not cover the concept of logging out, since login sessions are usually implemented using cookies, and the above are idle approaches. If you really need to log out, you should consider using OAuth, because you can implement logging out by revoking access tokens.

Implementing Security for Java Web Services with Spring and Apache CXF

More articles: