This works - thanks very much. I'd wholeheartedly recommend that this be added as a note in the Webservice tutorial where it mentions securing the webservice!

Marcello Teodori wrote:
>
> If it can be useful, this is a snippet from what I've changed in my
> security.xml file to have basic-authentication working correctly:
>
>     <!-- ======================== FILTER CHAIN ======================= -->
>     <bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
>         <property name="filterInvocationDefinitionSource">
>             <value>
>                 CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
>                 PATTERN_TYPE_APACHE_ANT
>                 /images/**=#NONE#
>                 /scripts/**=#NONE#
>                 /styles/**=#NONE#
>                 /services/**=httpSessionContextIntegrationFilter,basicProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,basicExceptionTranslationFilter,filterInvocationInterceptor
>                 /**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
>             </value>
>             <!-- Put channelProcessingFilter before securityContextHolderAwareRequestFilter to turn on SSL switching -->
>             <!-- It's off by default b/c Canoo WebTest doesn't support SSL out-of-the-box -->
>         </property>
>     </bean>
>
>     <bean id="basicProcessingFilterEntryPoint" class="org.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint">
>         <property name="realmName" value="AppFuse Web Services"/>
>     </bean>
>
>     <bean id="basicProcessingFilter" class="org.acegisecurity.ui.basicauth.BasicProcessingFilter">
>         <property name="authenticationManager" ref="authenticationManager"/>
>         <property name="authenticationEntryPoint" ref="basicProcessingFilterEntryPoint"/>
>     </bean>
>
>     <bean id="basicExceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
>         <property name="authenticationEntryPoint" ref="basicProcessingFilterEntryPoint"/>
>     </bean>
>
> Now both endpoint and WSDL definition prompt for authentication in the
> browser.
> I'm still investigating if it is also possible to support WSS, which would
> be preferable for my application, following the hints I've found here:
>
> http://www.vorburger.ch/blog1/2006/10/propagating-acegis-security-context-in.html
>
> Marcello
>
>
> mraible wrote:
>>
>> Do you have webservices only - or are you serving up an HTML interface
>> as well? I'd suggest modifying your filterChainProxy to have
>> /services/**=filterChainWithBasicAuthenticationFilter.
>>
>> Then adding basic authentication bean definitions to your security.xml.
>>
>> Matt
>>
>> On 10/24/07, George.Francis <[EMAIL PROTECTED]> wrote:
>>>
>>> Please help me get secure webservices running in my app!
>>> I have added /services/**=ROLE_ADMIN,ROLE_USER to security.xml as
>>> instructed in the tutorial (http://appfuse.org/display/APF/Web+Services).
>>> What I need to know is, has ANYONE got this successfully working? If so
>>> could you PLEASE post the request/response messages for any operation?
>>> I have tried authenticating in several different ways but no matter what
>>> I send my webservice (once it's secured) I get a 302 redirect and it's
>>> driving me mad.
>>> Thanks in advance!!
>>> --
>>> View this message in context:
>>> http://www.nabble.com/Secured-Webservice-tf4685214s2369.html#a13388798
>>> Sent from the AppFuse - User mailing list archive at Nabble.com.
>>
>> --
>> http://raibledesigns.com
>

--
View this message in context: http://www.nabble.com/Secured-Webservice-tf4685214s2369.html#a13394903
Sent from the AppFuse - User mailing list archive at Nabble.com.

--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
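
As an added illustration (not code from the thread, AppFuse or Acegi), the sketch below resolves which entry of the posted `filterInvocationDefinitionSource` value applies to a URL, taking the first matching pattern, and labels the resulting chain as basic or form login. The Ant matching is simplified, the sample URLs are constructed, and tying the form-login filters to the 302 redirect is an assumption drawn from the symptom in the first post.

```python
import re

# filterInvocationDefinitionSource value as posted in the thread.
CHAIN = """
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/images/**=#NONE#
/scripts/**=#NONE#
/styles/**=#NONE#
/services/**=httpSessionContextIntegrationFilter,basicProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,basicExceptionTranslationFilter,filterInvocationInterceptor
/**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
"""

def ant_to_regex(pattern):
    # Simplified Ant matcher: '**' spans path segments, '*' stays inside one.
    parts = re.split(r"(\*\*|\*|\?)", pattern)
    table = {"**": ".*", "*": "[^/]*", "?": "[^/]"}
    return re.compile("".join(table.get(p, re.escape(p)) for p in parts) + r"\Z")

def filters_for(source, url):
    # Returns the filter names of the FIRST matching pattern, so order matters.
    path = url.split("?", 1)[0]  # query string ignored in this sketch
    lines = source.split()
    if "CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON" in lines:
        path = path.lower()
    for line in lines:
        if "=" not in line:
            continue  # directive line, not a pattern
        pattern, filters = line.split("=", 1)
        if ant_to_regex(pattern).match(path):
            return [] if filters == "#NONE#" else filters.split(",")
    return None

def auth_style(names):
    # Assumption: the un-prefixed form filters send clients to the login page
    # (the 302 from the first post); the basic* beans answer with a 401.
    if not names:
        return "unfiltered"
    if "basicProcessingFilter" in names and "basicExceptionTranslationFilter" in names:
        return "basic"
    if "authenticationProcessingFilter" in names:
        return "form"
    return "other"

if __name__ == "__main__":
    # Constructed sample URLs, not taken from the thread.
    for url in ("/services/UserService?wsdl", "/mainMenu.html", "/images/logo.png"):
        print(url, "->", auth_style(filters_for(CHAIN, url)))
```

Moving the `/**` entry above `/services/**` makes the web-service URLs resolve to the form-login chain again, which is why the more specific pattern has to be declared first.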
