Hi, I am using GlassFish 3.0 with Spring Security 3.0 and have exposed one of my EJBs as a web service using a JAX-WS 2.0 annotation. I have generated the WSDL and other portable artifacts and can access the web service using a WS client.

Using JAAS I can secure the web service with "HTTP Basic Authentication" (using a JDBC realm). But using the Spring Security framework, I can never secure the web service with "HTTP Basic Authentication". Can anyone please help me resolve this issue?

Here is my configuration file.

I have added Spring's BasicAuthenticationFilter to my applicationContext-security.xml file.

<beans:bean id="basicAuthenticationFilter"
            class="org.springframework.security.web.authentication.www.BasicAuthenticationFilter">
    <beans:property name="authenticationManager" ref="authenticationManagerAlias" />
    <beans:property name="authenticationEntryPoint" ref="basicProcessingFilterEntryPoint" />
</beans:bean>

<beans:bean id="basicProcessingFilterEntryPoint"
            class="org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint">
    <beans:property name="realmName" value="ROLE_USER" />
</beans:bean>

My authentication-manager is configured to validate username/password/authorities from the database. When my WS client invokes the web service, I always get the remote user's principal as ANONYMOUS - both for sessionContext and WebServiceContext.

I don't even know whether this filter is invoked at all when my WS client invokes a web service. I am new to Spring Security, so any hint will be very useful to me.

Thanks in advance,
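
One way to check from the client side whether anything on the web service URL demands HTTP Basic credentials, as an added example that is not part of the original post: it requests the URL without credentials and interprets the status and `WWW-Authenticate` challenge, then repeats the request with credentials. The function names are hypothetical, and the URL, user and password are supplied by the caller.

```python
import base64
import re
import sys
import urllib.error
import urllib.request


def basic_header(user, password):
    """Build the Authorization header value for HTTP Basic (RFC 7617)."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def classify(status, www_authenticate):
    """Interpret the response to a request sent WITHOUT credentials.

    Returns (verdict, realm). A Basic challenge means an entry point answered;
    a 2xx means nothing on that URL demanded authentication.
    """
    challenge = (www_authenticate or "").strip()
    match = re.search(r'realm="([^"]*)"', challenge, re.IGNORECASE)
    realm = match.group(1) if match else None
    if status == 401 and challenge.lower().startswith("basic"):
        return "basic-challenge", realm
    if status == 401:
        return "non-basic-challenge", realm
    if 200 <= status < 300:
        return "served-without-authentication", None
    return "inconclusive", None


def fetch(url, authorization=None):
    """GET the URL; return (status, WWW-Authenticate) even for error statuses."""
    request = urllib.request.Request(url)
    if authorization:
        request.add_header("Authorization", authorization)
    try:
        with urllib.request.urlopen(request, timeout=10) as response:
            return response.status, response.headers.get("WWW-Authenticate")
    except urllib.error.HTTPError as error:
        return error.code, error.headers.get("WWW-Authenticate")


if __name__ == "__main__":
    # Usage: probe.py <endpoint-or-wsdl-url> <user> <password>
    url, user, password = sys.argv[1:4]
    print("anonymous:", classify(*fetch(url)))
    print("with credentials: HTTP", fetch(url, basic_header(user, password))[0])
```

A `basic-challenge` carrying the realm `ROLE_USER` shows that the entry point from the configuration above answered the request. `served-without-authentication` shows that nothing on that URL demanded credentials, either because the security filter chain does not cover the URL or because no access rule requires authentication there.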