Nicolas Mommaerts

Reputation: 3263

Propagate Spring Security from webapp to SOAP webservice

I have the following situation: we have several web applications, all using Spring Security to do authentication/authorization. We want to create a webservice that will be used by all those web applications. Communication will happen over HTTPS.

I want the security context of the webapp to propagate to the webservice, so that @Secured annotations on methods in the webservice implementation work correctly. I've looked at Spring WS Security, and have successfully implemented authentication using the UsernameTokenProfile. But I can't seem to find a standards-based way to transfer the authorization info (i.e. the roles of the user).

  1. Is there a way in Spring to do authorization in webservices? (SAML, XACML?)
  2. Does Spring even build a SecurityContext when using authentication in webservices? If I debug my code and ask for SecurityContextHolder.getContext() I get null (I'm assuming my request is handled by 1 thread).

Upvotes: 2

Views: 808

Answers (1)

kyiu

Reputation: 1976

As Apache CXF is configured through a Spring-based configuration file, I would suggest you take a look at its documentation regarding AUTHORIZATION.

I think that might help you.

Upvotes: 1
