Spring Authentication Web Service with LDAP

I want to open a sample Spring web service that is validated using LDAP. First, I created a web service:

import javax.jws.WebMethod;
import javax.jws.WebService;

import com.domain.SampleEntity;

/**
* Actual web service implementation.
* 
*/
@WebService
public class SampleEntityWebService {
    /**
    * Read and return SampleEntity by a supplied id.
    */
    @WebMethod
    public SampleEntityByIdResponse readSampleEntityById(Long id) {
        SampleEntity sampleEntity = new SampleEntity();
        sampleEntity.setId(id);
        SampleEntityByIdResponse sampleEntityByIdResponse = new SampleEntityByIdResponse();
        sampleEntityByIdResponse.setSampleEntity(sampleEntity);
        return sampleEntityByIdResponse;
    }
}

      

The web service provider configuration contains:

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:int="http://www.springframework.org/schema/integration"
    xmlns:context="http://www.springframework.org/schema/context" xmlns:ws="http://www.springframework.org/schema/integration/ws"
    xmlns:sec="http://www.springframework.org/schema/security"
    xmlns:sws="http://www.springframework.org/schema/web-services"
    xsi:schemaLocation="http://www.springframework.org/schema/integration http://www.springframework.org/schema/integration/spring-integration-2.1.xsd
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
        http://www.springframework.org/schema/integration/ws http://www.springframework.org/schema/integration/ws/spring-integration-ws-2.1.xsd
        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
        http://www.springframework.org/schema/web-services http://www.springframework.org/schema/web-services/web-services-2.0.xsd
        ">

    <!-- TODO: Check if required or not -->

    <!-- <bean id="simpleJaxWzServiceExporter"
        class="org.springframework.remoting.jaxws.SimpleJaxWsServiceExporter">
        <property name="baseAddress" value="${ws.base.url}" />
    </bean> -->

    <!-- <context:component-scan base-package="com.integration.ws.provider" /> -->

    <!-- <context:property-placeholder location="classpath:META-INF/spring/web-service.properties" /> -->

    <bean id="sampleEntityMarshaller" class="org.springframework.oxm.jaxb.Jaxb2Marshaller">
        <property name="classesToBeBound">
            <list>
                <value>com.integration.ws.provider.SampleEntityByIdRequest</value>
                <value>com.integration.ws.provider.SampleEntityByIdResponse</value>
                <value>com.domain.SampleEntity</value>
            </list>
        </property>
    </bean>

    <bean
        class="org.springframework.ws.server.endpoint.mapping.UriEndpointMapping">
        <property name="mappings">
            <props>
                <prop key="${ws.base.url}/sampleEntityById">sampleEntity-by-id-gateway</prop>
            </props>
        </property>
        <property name="interceptors">
            <list>
                <ref local="wsSecurityInterceptor" />
            </list>
        </property>
    </bean>  

    <bean id="wsSecurityInterceptor"
        class="org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor">
        <property name="policyConfiguration" value="classpath:META-INF/securityPolicy.xml" />
        <property name="callbackHandlers">
            <list>
                <ref bean="authenticationHandler"/>
            </list>
        </property>
    </bean>

    <bean id="authenticationHandler"
        class="org.springframework.ws.soap.security.xwss.callback.SpringDigestPasswordValidationCallbackHandler">
          <property name="userDetailsService">
            <bean class="org.springframework.security.core.userdetails.memory.InMemoryDaoImpl">
                <property name="userMap">
                    <value>
                        ${wsUserName}=${wsUserPassword},ROLE_USER
                    </value>
                </property>
            </bean>
          </property> 
    </bean> 


    <ws:inbound-gateway id="sampleEntity-by-id-gateway"
        request-channel="sampleEntityRequestById" marshaller="sampleEntityMarshaller"
        unmarshaller="sampleEntityMarshaller" reply-channel="sampleEntityResponse" />

    <int:channel id="sampleEntityRequestById" />
    <int:channel id="sampleEntityResponse" />

    <int:service-activator
        expression="@sampleEntityWebService.readSampleEntityById(payload.id)"
        input-channel="sampleEntityRequestById" output-channel="sampleEntityResponse" requires-reply="true"/>

    <int:channel id="sampleEntitys" />

</beans>

      

The security policy file contains:

<xwss:SecurityConfiguration dumpMessages="true" xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
    <xwss:RequireUsernameToken passwordDigestRequired="true" nonceRequired="true"/>
</xwss:SecurityConfiguration>

      

The service works fine as such. Now I want to authenticate users who are accessing this service using LDAP. I am new to Spring web services and security. Can anyone suggest the configuration changes needed to integrate Spring Web Service with LDAP?

+3




1 answer


You can change the service information of a user from InMemoryDaoImpl to LdapUserDetailsService.

The config I can get is:

<bean id="contextSource"
        class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
  <constructor-arg value="ldap://monkeymachine:389/dc=springframework,dc=org"/>
  <property name="userDn" value="cn=manager,dc=springframework,dc=org"/>
  <property name="password" value="password"/>
</bean>

<bean id="ldapPopulator" class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
   <constructor-arg ref="contextSource"/>
   <constructor-arg value="ou=groups"/>
   <property name="groupRoleAttribute" value="ou"/>
</bean>

<bean id="userSearch"
    class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
    <constructor-arg index="0"
        value="ou=People,o=MyCompany,o=Intranet" />
    <constructor-arg index="1" value="(uid={0})" />
    <constructor-arg index="2" ref="contextSource" />
</bean>

<bean id="authenticationHandler" class="org.springframework.ws.soap.security.xwss.callback.SpringDigestPasswordValidationCallbackHandler">
      <property name="userDetailsService">
        <bean class="org.springframework.security.ldap.userdetails.LdapUserDetailsService">
             <constructor-arg ref="userSearch"/>
             <constructor-arg ref="ldapPopulator"/>
        </bean>
      </property> 
</bean> 

      



Remember, I haven't tried it yet, and I copied most of it from another source. You need UserDetailsService and you just need to install it in authenticationHandler. The source code LdapUserDetailsService needs two constructors LdapUserSearch and LdapAuthoritiesPopulator. I followed the LdapUserSearch bean creation example and found an example from here. I found LdapPopulator bean example from official documentation.

More details about Ldap Authentication with Spring Security can be found in the official documentation.

Hope you know about LDAP because I don't know LDAP. Good luck.

0
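
SpringDigestPasswordValidationCallbackHandler recomputes the token digest from the cleartext password held in UserDetails, so with LDAP it only works if the directory returns a cleartext userPassword attribute. The added example below (not part of the original question or answer) shows the alternative of a plain-text UsernameToken verified by an LDAP bind through SpringPlainTextPasswordValidationCallbackHandler. It assumes the contextSource, userSearch and ldapPopulator beans from the answer above; the bean ids ldapAuthenticator, ldapAuthProvider and wsAuthenticationManager are illustrative names.

```xml
<!-- Added example; reuses contextSource, userSearch and ldapPopulator from the answer. -->

<!-- META-INF/securityPolicy.xml: accept a plain-text UsernameToken.
     dumpMessages is switched off so cleartext passwords are not written to the log. -->
<xwss:SecurityConfiguration dumpMessages="false"
        xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
    <xwss:RequireUsernameToken passwordDigestRequired="false" nonceRequired="false"/>
</xwss:SecurityConfiguration>

<!-- Provider configuration: these beans replace the authenticationHandler bean. -->

<!-- Finds the user's DN with userSearch, then binds to LDAP as that user
     with the password taken from the UsernameToken. -->
<bean id="ldapAuthenticator"
      class="org.springframework.security.ldap.authentication.BindAuthenticator">
    <constructor-arg ref="contextSource"/>
    <property name="userSearch" ref="userSearch"/>
</bean>

<!-- Combines the bind check with group lookup for granted authorities. -->
<bean id="ldapAuthProvider"
      class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
    <constructor-arg ref="ldapAuthenticator"/>
    <constructor-arg ref="ldapPopulator"/>
</bean>

<!-- The list constructor is available from Spring Security 3.1 onwards. -->
<bean id="wsAuthenticationManager"
      class="org.springframework.security.authentication.ProviderManager">
    <constructor-arg>
        <list>
            <ref bean="ldapAuthProvider"/>
        </list>
    </constructor-arg>
</bean>

<!-- Same bean id as before, so wsSecurityInterceptor needs no change. -->
<bean id="authenticationHandler"
      class="org.springframework.ws.soap.security.xwss.callback.SpringPlainTextPasswordValidationCallbackHandler">
    <property name="authenticationManager" ref="wsAuthenticationManager"/>
</bean>
```

With this policy the password travels in the SOAP header in clear text, so the endpoint should only be reachable over HTTPS and the directory connection should use ldaps:// or StartTLS.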

