enable security check to access wsdl url

Question

If you're already using Spring, you can easily apply basic authentication to a specific URL pattern with Spring Security. In your applicationContext.xml, just add:

<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">

<!-- HTTP basic authentication in Spring Security -->
<http>
    <intercept-url pattern="/*wsdl?" access="ROLE_USER" />
    <http-basic />
</http>

<authentication-manager>
   <authentication-provider>
       <user-service>
       <user name="someUser" password="somePassword" authorities="ROLE_USER" />
       </user-service>
   </authentication-provider>
</authentication-manager>

</beans:beans>

Example taken from Mkyong's Spring Security HTTP Basic Authentication Example.

If you'd like to lookup users in a database, you'd need to use a different authentication provider. The Spring Security reference mentions data-source-ref if you'd like to query the standard Spring Security user data tables. If you've already got your own structure, you might be interested in using user-service-ref instead, in which you can lookup the users yourself.

<authentication-manager>
  <authentication-provider user-service-ref='myUserDetailsService'/>
</authentication-manager>

<beans:bean id="myUserDetailsService"
    class="mypackage.MyUserDetailsService">
  <beans:property name="dataSource" ref="dataSource"/>
</beans:bean>

And code mypackage.MyUserDetailsService extending JdbcDaoImpl and implementing UserDetailsService.