Spring-ws and Spring security

Question

I've an application with no spring security in it, we have a new requirement to add webservices, so we opted for spring-ws, i'm trying to add simple authentication using header values for each services request. We do not want the complicated integrity test by encrypting the soap message/digest as mentioned in the spring-source. All that we need is authenticate the user with uid,password and domain with the existing services to auth the user and forward the user to the requesting services if he is legit user. Is there a way to do it using spring-security? a little direction would help. Thanks.

Answer 1

I dont have to do any special setup, I can write custom filters in spring security and Custom Authproviders. This seems to work great. I dont need Spring-ws for this process, this is used only in case of encryption of the messages.

Answer 2

Provided I understand you correctly, UsernamePasswordAuthenticationFilter implementation will fit your needs. It uses HTTP POST parameters (j_username and j_password by default) to create UsernamePasswordAuthenticationToken which can be processed by appropriate AuthenticationProvider (see AbstractUserDetailsAuthenticationProvider supports method). You can implement own provider based on AbstractUserDetailsAuthenticationProvider as well, although you should be able to find appropriate implementation out of the box.