Sunday, January 29, 2012

Spring 3, Spring Web Services 2 & LDAP Security.

This year started on a good note, another one of those "the deadline won't change" / "skip all the red tape" / "Wild West" type of projects in which I got to figure out and implement some functionality using some relatively new libraries and tech for a change, well Spring 3 ain't new but in the Java 5, weblogic 10(.01), Spring 2.5.6 slow corporate kind of world it is all relative.
Due to general time constraints I am not including too much "fluff" in this post, just the nitty gritty of creating and securing a Spring 3 , Spring WS 2 web service using multiple XSDs and LDAP security.
The Code:

The Service Endpoint: ExampleServiceEndpoint
This is the class that will be exposed as web service using the configuration later in the post. The Code: CustomValidationCallbackHandler

This was my bit of custom code I wrote to extend the AbstactCallbackHandler allowing us to use LDAP. As per the comments in the CallbackHandler below, it's probably a good idea to have a cache manager, something like Hazelcast or Ehcache to cache authenticated users, depending on security / performance considerations.
The Digest Validator below can just be used directly from the Sun library, I was just wanted to see how it worked.


The service config:
The configuration for the Endpoint, CallbackHandler and the LDAP Authentication manager.
The Application Context - Server Side:
The Security Context - Server Side:

The Web XML:
Nothing really special here, just the Spring WS MessageDispatcherServlet.
The client config:
To test or use the service you'll need the following:
The Application Context - Client Side Test:

The Security Context - Client Side:

As usual with Java there can be a couple little nuances when it comes to jars and versions so below is part of the pom I used.
The Dependencies:

6 comments:

  1. Wow, that's a lot of code. Thanks for sharing that.

    Greets web design service consultant

    ReplyDelete
    Replies
    1. Yes, I am wondering, what is the future of Java, if simple ldap needs 10 pages of code in best Java framework...
      Life is too short, learn Python...

      Delete
    2. Check my last couple posts :) all about me getting into Python... I have to agree, really enjoying the brevity...
      but Java still pays the bills.

      Delete
  2. Do you Know ,how can we improve our site.

    ReplyDelete

Popular Posts

Followers