4

I have an application runs on Java Spring 3. My application uses RESTful services and Spring Security for security. It has a user table and checks user credentials from it. I implemented web service capability to my application(one of customer's wanted web services instead of RESTful services). If possible I want same authentication mechanism and want to look up that database and allow just one user (for now-to admin) to communicate with my web service server.

Should I follow the same way as like my RESTful authentication or is there any authentication and security mechanism for Java Web Services at Spring (i.e. how to deal with logout, how to enable logout mechanism for a client-server web services communication)

PS: I use Apache-CXF.

Improve this question

2 Answers 2

Reset to default
2

Two potential ways:

  1. Put a BasicAuthenticationFilter or DigestAuthenticationFilter in front of your CXF Servlet.

  2. Use a WS-Security UsernamePasswordToken with CXF and write a CallbackHandler that a) creates a UsernamePasswordAuthenticationToken, b) calls authenticationManager.authenticate() and c) stores the authentication in the SecurityContextHolder.

Note that the above doesn't cover the concept of logout since login sessions are generally implemented with cookies and the above are stateless approaches. If you really need logout then you should consider using OAuth because you can implement logout by invalidating access tokens.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

You could put a security token in the HTTP header you are sending to the REST which the REST decodes and verifies it's coming from an administrative location.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.