Adding Spring Security @ Pinned annotation with Spring web service disables web service endpoint

Question

Adding Spring Security @ Pinned annotation with Spring web service disables web service endpoint

Problem: When I add @Secured annotation in the web service method, the endpoint is disabled, which means I am getting the endpoint display error when calling the ws endpoint.

Reference Information. My Spring web service is secured to authenticate users using UsernameToken and Timestamp, which works absolutely fine until I add @Secured to force authorization based on roles. Interceptors are configured in spring-ws-servlet.xml using <sws: interceptors. Framework versions:

spring ws: 2.0.5.RELEASE
spring ws security: 2.0.5.RELEASE
spring security: 3.0.7.RELEASE
wss4j: 1.5.12

Here is an example of what I am trying to do.

End point:


...

    @Endpoint
    public class XYZEndpoint implements XYZService{
        @Override
        @PayloadRoot(localPart = XYZ_REQUEST, namespace = NAMESPACE_XYZ)
        //@Secured({"ROLE_XYZ"})
        public XYZResponse produceXYZ(XYZRequest request) {
                    ...
            return new XYZResponse();
        }
    }

...

I am using the global-method-security below to enable @Secured annotation as described in Spring docs.

spring-ws-servlet.xml


...

    <security:global-method-security secured-annotations="enabled" />

....

+3

authentication soap spring-security spring-ws authorization

Lal Feb 19 13 at 12:49 am

source to share

1 answer

Roger · Answer 1 · 2014-09-12T14:30:12+0000

I have the same problem and can fix it with

<security:global-method-security proxy-target-class="true" secured-annotations="enabled"/>

Adding Spring Security @ Pinned annotation with Spring web service disables web service endpoint

End point:

spring-ws-servlet.xml

More articles: