Adding Spring Security @ Pinned annotation with Spring web service disables web service endpoint
Problem: When I add @Secured annotation in the web service method, the endpoint is disabled, which means I am getting the endpoint display error when calling the ws endpoint.
Reference Information. My Spring web service is secured to authenticate users using UsernameToken and Timestamp, which works absolutely fine until I add @Secured to force authorization based on roles. Interceptors are configured in spring-ws-servlet.xml using <sws: interceptors. Framework versions:
- spring ws: 2.0.5.RELEASE
- spring ws security: 2.0.5.RELEASE
- spring security: 3.0.7.RELEASE
- wss4j: 1.5.12
Here is an example of what I am trying to do.
End point:
...
@Endpoint
public class XYZEndpoint implements XYZService{
@Override
@PayloadRoot(localPart = XYZ_REQUEST, namespace = NAMESPACE_XYZ)
//@Secured({"ROLE_XYZ"})
public XYZResponse produceXYZ(XYZRequest request) {
...
return new XYZResponse();
}
}
...
I am using the global-method-security below to enable @Secured annotation as described in Spring docs.
spring-ws-servlet.xml
...
<security:global-method-security secured-annotations="enabled" />
....
+3
source to share