2

I have created a web service in my machine. Its URL is 

http://localhost:8080/aaa/test?wsdl

I want to enable one feature to it. As soon as the user enters the url in browser, it should ask for the credentials. Can it be done in web services.

If yes, can some one guide how to achieve it.

Thanks.

Patan
  • 17,073
  • 36
  • 124
  • 198
  • You could add [basic HTTP authentication](http://en.wikipedia.org/wiki/Basic_access_authentication) based on an URL pattern, for instance with spring security, as done in this question: [Spring Security HTTP Basic Authentication](http://stackoverflow.com/q/2691160/851811) – Xavi López Jan 18 '13 at 10:23
  • @XaviLópez. Thanks.Do I need to add the URL pattern in spring.xml. Can you provide some code sample for the same – Patan Jan 18 '13 at 10:25
  • Yes, you'd need to add the `` element in your `applicationContext.xml`. See an [example here](http://www.mkyong.com/spring-security/spring-security-http-basic-authentication-example/) – Xavi López Jan 18 '13 at 10:29

1 Answers1

3

If you're already using Spring, you can easily apply basic authentication to a specific URL pattern with Spring Security. In your applicationContext.xml, just add: 

<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">

<!-- HTTP basic authentication in Spring Security -->
<http>
    <intercept-url pattern="/*wsdl?" access="ROLE_USER" />
    <http-basic />
</http>

<authentication-manager>
   <authentication-provider>
       <user-service>
       <user name="someUser" password="somePassword" authorities="ROLE_USER" />
       </user-service>
   </authentication-provider>
</authentication-manager>

</beans:beans>

Example taken from Mkyong's Spring Security HTTP Basic Authentication Example.

If you'd like to lookup users in a database, you'd need to use a different authentication provider. The Spring Security reference mentions data-source-ref if you'd like to query the standard Spring Security user data tables. If you've already got your own structure, you might be interested in using user-service-ref instead, in which you can lookup the users yourself.

<authentication-manager>
  <authentication-provider user-service-ref='myUserDetailsService'/>
</authentication-manager>

<beans:bean id="myUserDetailsService"
    class="mypackage.MyUserDetailsService">
  <beans:property name="dataSource" ref="dataSource"/>
</beans:bean>

And code mypackage.MyUserDetailsService extending JdbcDaoImpl and implementing UserDetailsService.

Xavi López
  • 27,550
  • 11
  • 97
  • 161
  • Thanks for the solution.If we have to get the username and password from the database, will it help. If yes, it would be great if you tell that also – Patan Jan 18 '13 at 10:37
  • You'd need to provide a different [authentication provider](http://static.springsource.org/spring-security/site/docs/3.2.x/reference/springsecurity-single.html#nsa-authentication). You can use `jdbc-user-service`, which will query some predefined tables in the DB. Or you can also use `user-service-ref` for a custom user lookup. Mkyong also has a good [example](http://www.mkyong.com/spring-security/spring-security-form-login-using-database/) on using `jdbc-user-service`. – Xavi López Jan 18 '13 at 10:44
  • Have you tried just naming the file `applicationContext.xml`? If I remember correctly, it's the default file Spring looks for. – Xavi López Jan 18 '13 at 11:18
  • Oh, and maybe add ` org.springframework.web.context.ContextLoaderListener ` to your `web.xml` – Xavi López Jan 18 '13 at 11:28