Hi All,
I have configured spring security with my flex blazeds application successfully and access to all the beans is now secured. How can I secure access to HTTPService ( servlets) defined in proxy-config.xml. I have tried the following approaches but none worked.
1) In my custom authentication provider i have added the following lines of code to set the UsernamePasswordAuthenticationToken in securitycontext
SecurityContext securityContext = SecurityContextHolder.getContext(); securityContext.setAuthentication(usernamePasswordAuthToken); SecurityContextHolder.setContext(securityContext);
2) I have configured the securityContext persistence filter in my web-application-config as shown below.
bean id="securityContextPersistenceFilter" class="org.springframework.security.web.context.SecurityContextPersistenceFilter">
However when in my custom servlet i try this, i get context as null
SecurityContext context = (SecurityContext)req.getSession().getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY)
Please tell me where I am going wrong or if there is some other way to secure servlet access??
Thanks Sahil