Spring ws XSD validation - spring-ws

Currently i am implementing web services using Spring-ws . Here i am struck with xsd validation . For xsd validation i am using the following configruation
<bean id="validatingInterceptor" class="org.springframework.ws.soap.server.endpoint.interceptor.PayloadValidatingInterceptor">
<property name="xsdSchema" ref="schema" />
<property name="validateRequest" value="true" />
<property name="validateResponse" value="true" />
</bean>
<bean id="schema" class="org.springframework.xml.xsd.SimpleXsdSchema">
<property name="xsd" value="/WEB-INF/ProductSchema.xsd" />
</bean>
Here i am passing the xsd file during bean initialization . Is there any way for me to send this(ProductSchema.xsd) xsd file dynamically. Because I will comes to know which xsd file needs to send based on the input payload.
Please help me. Thanks in advance

I don't know how many XSD's you have, but perhaps you can define imports in ProductSchema.xsd to include the others. That's at least how I've got it set up.
For example:
<import namespace="http://namespace" schemaLocation="data.xsd" />

I'm not quite sure of what you are trying to do.
But you can make different endpoints/methods that matches different payloads by annotating the handler method with a localPart that matches the name of an element i the payload:
#Endpoint
public class MyEndpoint {
#PayloadRoot(namespace = NAMESPACE_URI, localPart = "NameOfMyXmlRequestElement")
#ResponsePayload
public MyResponse handleMyRequest(#RequestPayload MyRequest MyRequest) throws Exception {
...
A recived request can then be unmarshalled/validated using a specific schema:
<bean id="myJaxb2Marshaller" class="org.springframework.oxm.jaxb.Jaxb2Marshaller">
<property name="classesToBeBound">
<list>
<value>mydomain.model.oxm.MyRequest</value>
<value>mydomain.model.oxm.MyResponse</value>
</list>
</property>
<property name="schema" ref="MyServiceSchema" />
</bean>
<bean id="MyServiceSchema" class="org.springframework.core.io.ClassPathResource">
<constructor-arg value="WEB-INF/schemas/MyService.xsd" />
</bean>
The MyRequest class must be annotated to work with the Jaxb2marshaller, #XmlRootElement(name="MyRequest") etc...

Related

Transforming spring-ws implementation to spring-integration-ws implementation

I have an implementation of web service (server side) using spring-ws. I would like to change my code to use spring-integration-ws (ws:inbound-gateway and channels). I have tried examples but still not sure if it is possible to transform my implementation. In short my I am using #Endpoint, #PayloadRoot, PayloadRootAnnotationMethodEndpointMapping and JMS (as transport). Please find below my implementation:
The endpoint class (MyEndpoint.java):
#Endpoint
public class MyEndpoint {
#PayloadRoot(localPart="getUserRequest", namespace="http://play.zahid.springint/Jibx")
public GetUserResponse getUserResponse(GetUserRequest request){
log.info("Start getUserResponse " + request);
GetUserResponse response = new GetUserResponse();
User user = new User();
user.setFirstName(request.getFirstName());
user.setLastName(request.getFirstName() + " Last");
response.setUser(user);
log.info("End getUserResponse " + response);
return response;
}
#PayloadRoot(localPart="sayHiUserRequest", namespace="http://play.zahid.springint/Jibx")
public SayHiResponse sayHiUserResponse(SayHiUserRequest request){
log.info("Start sayHiUserResponse " + request);
SayHiUserResponse response = new SayHiUserResponse();
response.setResponse("Hi " + request.getFirstName() + " " + request.getLastName());
log.info("End sayHiUserResponse " + response);
return response;
}
}
The spring xml file (applicationContext.xml):
<bean id="listenerContainer"
class="org.springframework.jms.listener.DefaultMessageListenerContainer">
<property name="connectionFactory" ref="mqCachedConnectionFactory" />
<property name="destination" ref="defaultDestination" />
<property name="messageListener">
<bean class="org.springframework.ws.transport.jms.WebServiceMessageListener">
<property name="messageFactory" ref="messageFactory"/>
<property name="messageReceiver" ref="messageReceiver" />
</bean>
</property>
<property name="concurrentConsumers" value="1" />
<property name="acceptMessagesWhileStopping" value="false" />
<property name="recoveryInterval" value="10000" />
<property name="cacheLevelName" value="CACHE_CONSUMER" />
</bean>
<bean id="messageFactory" class="org.springframework.ws.soap.saaj.SaajSoapMessageFactory" />
<bean id="messageReceiver" class="org.springframework.ws.soap.server.SoapMessageDispatcher">
<property name="endpointAdapters">
<list>
<bean id="endpointAdapter" class="org.springframework.ws.server.endpoint.adapter.GenericMarshallingMethodEndpointAdapter">
<constructor-arg ref="marshaller" />
</bean>
</list>
</property>
</bean>
<bean class="org.springframework.ws.server.endpoint.mapping.PayloadRootAnnotationMethodEndpointMapping" />
For simplicity purpose I have removed the unnecessary codes and xml configuration.
Is there anyway to keep my endpoint class (MyEndpoint.java) as it is and use spring-integration-ws support (ws:inbound-gateway and channel)?
Let me know if you need any more information.
Thanks
Is there anyway to keep my endpoint class (MyEndpoint.java) as it is and use spring-integration-ws support (ws:inbound-gateway and channel)?
Yes you can.
I'll try to explain a simple integration-ws implementation for your situation:
applicationContext.xml:
<bean id="endpointMappings"
class="org.springframework.beans.factory.config.ListFactoryBean"
lazy-init="true">
<property name="sourceList">
<list>
<ref bean="uriEndpointMapping"/>
</list>
</property>
</bean>
<bean id="uriEndpointMapping"
class="org.springframework.ws.server.endpoint.mapping.UriEndpointMapping"
p:defaultEndpoint-ref="ws-inbound-gateway">
<property name="mappings">
<props>
<prop key="${yourEndPointUrl}">ws-inbound-gateway</prop>
</props>
</property>
</bean>
<int-ws:inbound-gateway id="ws-inbound-gateway"
request-channel="ws-request-channel"
reply-channel="ws-response-channel"
error-channel="ws-error-channel"
marshaller="marshaller"
unmarshaller="marshaller"/>
<int:channel id="ws-request-channel"/>
<int:channel id="ws-response-channel"/>
<int:channel id="ws-error-channel"/>
<int:chain input-channel="ws-request-channel" output-channel="ws-response-channel">
<int:service-activator ref="yourBean" method="getUserResponse"/>
</int:chain>
There are some points here.
You need to define a bean, MyEndpoint type, I named it yourBean here.
yourEndPointUrl defines your end point URL for getUserResponse method.
I've defined service-activator inside a chain, you can add logging or another thing inside this chain to enrich your handling mechanism.
You also need to have a router for routing your requests in to different methods of your bean.

Using spring integration web service gateways with JMS

I need to implement a webservice client (and after that a webservice server) using spring-integration. I have already worked with the samples given by spring-integration team. That implementation uses HTTP as a transport layer. The client is making a HTTP request and server is sending back HTTP response. Instead of using HTTP I would like to use JMS as a transport layer. In this case client sends a SOAP-Request to a Queue (the server is listening to this queue) and while sending it also creates a temporary Queue and set that in the RepyTo in the JMS message header. Server gets receives the request from the Queue process it and then send back a SOAP-Response using the ReplyTo queue. I know we can do it using spring-ws and spring-jms libraries. I would like to do it using spring-integration support for ws and jms:
client sending request: java object -> Soap Message -> JMS message (payload is the SOAP xml)
server receiving request: JMS message (payload is the SOAP xml) -> Soap Message -> java object
server sending back response: java object -> Soap Message -> JMS message (payload is the SOAP xml)
For example I am giving xml configuration for webservice client that I am trying right now. Can you please check what I am missing?
<bean id="jndiEnvironment" class="java.util.Properties">
<constructor-arg>
<map>
<entry key="java.naming.factory.initial" value="value" />
<entry key="java.naming.provider.url" value="value" />
<entry key="java.naming.security.principal" value="value" />
<entry key="java.naming.security.credentials" value="value" />
</map>
</constructor-arg>
</bean>
<bean id="connectionFactory" class="org.springframework.jndi.JndiObjectFactoryBean">
<property name="jndiName" value="/my/jndi/name" />
<property name="jndiEnvironment" ref="jndiEnvironment" />
</bean>
<bean id="marshaller" class="org.springframework.oxm.jibx.JibxMarshaller">
<property name="targetClass" value="zahid.play.si.ws.jms.GetCountryDescriptionRequest" />
</bean>
<bean id="destinationResolver"
class="org.springframework.jms.support.destination.JndiDestinationResolver">
<property name="jndiEnvironment" ref="jndiEnvironment" />
</bean>
<bean id="messageFactory" class="org.springframework.ws.soap.saaj.SaajSoapMessageFactory" />
<bean id="messageSender" class="org.springframework.ws.transport.jms.JmsMessageSender">
<property name="connectionFactory" ref="connectionFactory" />
<property name="destinationResolver" ref="destinationResolver" />
</bean>
<bean id="messageTemplate" class="org.springframework.integration.core.MessagingTemplate">
<property name="defaultChannel" ref="requestChannel" />
</bean>
<int:channel id="requestChannel" />
<ws:outbound-gateway id="wsClientGateway"
uri="jms:MY.TOPIC?messageType=TEXT_MESSAGE&deliveryMode=NON_PERSISTENT"
message-factory="messageFactory" marshaller="marshaller" unmarshaller="marshaller"
message-sender="messageSender"
request-channel="requestChannel" />
In the java code I am using: messagingTemplate.convertSendAndReceive(MessageBuilder.withPayload(request).build()) to send a request.
But I am getting this error:
[jms:MY.TOPIC?messageType=TEXT_MESSAGE&deliveryMode =NON_PERSISTENT] is not a valid HTTP URL
Solved the problem :) Here is the solution:
1) Define a destination provider for your Jms Uri:
public class JmsDestinationProvider implements DestinationProvider {
private String jmsUri;
public URI getDestination() {
if(StringUtils.hasText(jmsUri)){
try {
return new URI(jmsUri);
} catch (URISyntaxException e) {
}
}
return null;
}
public void setJmsUri(String jmsUri) {
this.jmsUri = jmsUri;
}
}
2) In the spring xml file add a bean for this destination provider and use that bean in ws:outbound-gateway
<bean id="jmsDestinationProvider" class="play.zahid.springint.activemq.ws.JmsDestinationProvider">
<property name="jmsUri" value="jms:test_queue?messageType=TEXT_MESSAGE&deliveryMode=NON_PERSISTENT" />
</bean>
<ws:outbound-gateway id="wsClientGateway"
destination-provider="jmsDestinationProvider"
message-factory="messageFactory" marshaller="marshaller" unmarshaller="marshaller"
message-sender="messageSender"
request-channel="requestChannel" />

How/where can I manage Authentication at SecurityContext in pre-authentation Scenario

I wonder how/where can I manage Authentication at SecurityContext in pre-authentation Scenario.
I am using spring security 2.x to implement pre-authentation Scenario in my project. now, it patially work.
After user login by pre-authentation process, they can be authrozied with relevant roles, and are able to acecess resources which defined in security:filter.
e.g.
<security:filter-invocation-definition-source lowercase-comparisons="true" path-type="ant">
<security:intercept-url pattern="/resource/**" access="ROLE_ADMIN" />
In a some controller, I want to check principal in security content.
public abstract class AbstractUserAuthenticationController extends AbstractController
{
protected boolean isAuthenticated(String userName)
{
Object obj = SecurityContextHolder.getContext().getAuthentication().getPrincipal(); // where issue come up
But SecurityContextHolder.getContext().getAuthentication() always return null.
In addition, I also can not use secuiry tag in jsp to check if user has relative roles
<security:authorize ifNotGranted="ROLE_ADMIN">
no role found
</security:authorize>
Below shows the "filterChainProxy" I am using.
<bean id="filterChainProxy" class="org.springframework.security.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/*subscri*=httpSessionContextIntegrationFilter,logoutFilter,j2eePreAuthenticatedProcessingFilter,securityContextHolderAwareRequestFilter,subscribeExceptionTranslationFilter,filterInvocationInterceptor
/**=httpSessionContextIntegrationFilter,logoutFilter,j2eePreAuthenticatedProcessingFilter,logoutFilter,rememberMeProcessingFilter,exceptionTranslationFilter,filterSecurityInterceptor
</value>
</property>
</bean>
<bean id="preAuthenticatedAuthenticationProvider" class="org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider">
<property name="preAuthenticatedUserDetailsService" ref="preAuthenticatedUserDetailsService" />
</bean>
<bean id="preAuthenticatedUserDetailsService" class="demo.project.security.auth.RsaAuthenticationUserDetailsService" >
<property name="userService" ref="userService" />
</bean>
<bean id="j2eePreAuthFilter" class="demo.project.security.filter.AutoLoginFilter">
<property name="authenticationManager" ref="authenticationManager" />
<property name="userService" ref="userService" />
</bean>
I think I need to set Authentication to SecurityContext in somewhere, But I do not know where/where.
What I am missing? Can anyone provide me some clues?
Thanks!
Ian
You should use SecurityContextHolder.setContext method to store your SecurityContext prior to getting it back.
The simplest way for doing this is just SecurityContextHolder.setContext(new SecurityContextImpl()).

Remember-me- spring security

I am currently trying to implement remember me functionality in my website. Following is part of my configuration
<security:remember-me services-ref="rememberMeServices" />
<bean id="rememberMeServices" class="com.entertainment.ecom.web.auth.EcomRemembe rMeServices">
<property name="userDetailsService" ref="ecomUserDetailsService"/>
<property name="key" value="a23eef6dfd1514cb885f47070380ff18"/>
<property name="cookieName" value="ENTC"/>
<property name="tokenValiditySeconds" value="80000"/>
</bean>
My EcomRememberMeServices extends AbstractRememberMeServices & I have overridden onLoginFail & onLoginSuccess methods. My question is, from where my onLoginSuccess() method will be called?
I have tried to run above configuration & it was seen that onLoginFail gets called through RememberMeAuthenticationFilter(rememberMeServices.loginFail(request, response)) but when I checked source code for this filter, I could not find any call for onLoginSuccess() or loginSuccess() method. So do I need to call this explicitly?
In BasicAuthenticationFilter, there is a call for this method. So I tried to use it but still i does not work.(<http-basic/>). So can anyone please help me in this?
There is one more method logout(), which is called by logout filter. I guess you have to inject rememberMeServices into Login and Logout Filter as well (I am not sure if it can be done within http element in xml):
<bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
<constructor-arg index="0" type="org.springframework.security.web.authentication.logout.LogoutSuccessHandler" ref="logoutSuccessHandler" />
<constructor-arg index="1">
<list value-type="org.springframework.security.web.authentication.logout.LogoutHandler">
<ref local="rememberMeServices"/>
</list>
</constructor-arg>
</bean>
and
<bean id="formLoginFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
...
<property name="rememberMeServices">
<ref local="rememberMeServices" />
</property>
</bean>

Creating a custom authentication with Acegi/Spring Security

I'm having trouble discovering exactly what I need to implement in order to use a custom authentication method with my web application using Spring Security. I have a Grails application with the Spring Security plugin that currently uses the standard user/password authentication with a browser form. This is working correctly.
I need to implement a mechanism alongside of this that implements a type of MAC authentication. If the HTTP request contains several parameters (e.g. a user identifier, timestamp, signature, etc.) I need to take those parameters, perform some hashing and signature/timestamp comparisons, and then authenticate the user.
I'm not 100% sure where to start with this. What Spring Security classes do I need to extend/implement? I have read the Reference Documentation and have an okay understanding of the concepts, but am not really sure if I need a Filter or Provider or Manager, or where/how exactly to create Authentication objects. I've messed around trying to extend AbstractProcessingFilter and/or implement AuthenticationProvider, but I just get caught up understanding how I make them all play nicely.
Implement a custom AuthenticationProvider which gets all your authentication information from the Authentication: getCredentials(), getDetails(), and getPrincipal().
Tie it into your Spring Security authentication mechanism using the following configuration snippet:
<bean id="myAuthenticationProvider" class="com.example.MyAuthenticationProvider">
<security:custom-authentication-provider />
</bean>
This step is optional, if you can find a suitable one from standard implementations. If not, implement a class extending the Authentication interface on which you can put your authentication parameters:
(e.g. a user identifier, timestamp, signature, etc.)
Extend a custom SpringSecurityFilter which ties the above two classes together. For example, the Filter might get the AuthenticationManager and call authenticate() using your implementation of Authentication as input.
You can extend AbstractAuthenticationProcessingFilter as a start.
You can reference UsernamePasswordAuthenticationFilter which extends AbstractAuthenticationProcessingFilter. UsernamePasswordAuthenticationFilter implements the standard Username/Password Authentication.
Configure your Spring Security to add or replace the standard AUTHENTICATION_PROCESSING_FILTER. For Spring Security Filter orders, see http://static.springsource.org/spring-security/site/docs/3.0.x/reference/ns-config.html#filter-stack
Here is a configuration snippet for how to replace it with your implementation:
<beans:bean id="myFilter" class="com.example.MyAuthenticationFilter">
<custom-filter position="AUTHENTICATION_PROCESSING_FILTER"/>
</beans:bean>
I have recently put up a sample application that does custom authentication with Spring Security 3.
The source code is here.
More details are in this blog post.
Here is an example of securityContext.xml configuration file using custom autenticationFilter (extending AUTHENTICATION_PROCESSING_FILTER) and authenticationProvider. The user authentication data is provided by jdbc connection. Configuration is for Spring Security 2.0.x
<?xml version="1.0" encoding="UTF-8"?>
<sec:global-method-security />
<sec:http auto-config="false" realm="CUSTOM" create-session="always" servlet-api-provision="true"
entry-point-ref="authenticationProcessingFilterEntryPoint" access-denied-page="/notauthorized.xhtml"
session-fixation-protection="migrateSession">
<sec:port-mappings>
<sec:port-mapping http="80" https="443" />
</sec:port-mappings>
<sec:anonymous granted-authority="ROLE_ANONYMOUS" username="Anonymous" />
<sec:intercept-url pattern="/**" access="ROLE_ANONYMOUS, ROLE_USER" />
<sec:logout logout-url="/logoff" logout-success-url="/home.xhtml" invalidate-session="false" />
</sec:http>
<bean id="authenticationProcessingFilterEntryPoint" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<property name="loginFormUrl" value="/login.xhtml" />
<property name="forceHttps" value="false" />
</bean>
<bean id="authenticationProcessingFilter" class="mypackage.CustomAuthenticationProcessingFilter">
<sec:custom-filter position="AUTHENTICATION_PROCESSING_FILTER" />
<property name="defaultTargetUrl" value="/" />
<property name="filterProcessesUrl" value="/logon" />
<property name="authenticationFailureUrl" value="/loginError.xhtml" />
<property name="alwaysUseDefaultTargetUrl" value="false" />
<property name="authenticationManager" ref="authenticationManager" />
</bean>
<jee:jndi-lookup id="securityDataSource" jndi-name="jdbc/DB_DS" />
<bean id="myUserDetailsService" class="mypackage.CustomJdbcDaoImpl">
<property name="dataSource" ref="securityDataSource" />
<property name="rolePrefix" value="ROLE_" />
</bean>
<bean id="apcAuthenticationProvider" class="mypackage.CustomDaoAuthenticationProvider">
<property name="userDetailsService" ref="myUserDetailsService" />
<sec:custom-authentication-provider />
</bean>
<bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
<property name="providers">
<list>
<ref local="apcAuthenticationProvider" />
</list>
</property>
</bean>
</beans>

Resources