Security in Spring.NET web-service
Vladosha
01-09-2007, 10:09 AM
Hello!
I have asked a question about security here: http://forum.springframework.net/showthread.php?t=795
Is there any other way to use security?
WebServiceClientFactory properties Username and Password use IIS authentication, but how do I provide my own authentication?
WSE is probably good, but if there is any way to solve the problem, it would be better.
I have my own list of usernames and passwords. How can I make the Spring.NET web service check it in an easier manner?
Thanks in advance!
Bruno Baia
01-09-2007, 05:47 PM
Hi,
An elegant way to do this is to use Spring.Aop.
Apply an aspect to the WebServiceClientFactory that will call the target method only if the user is authenticated.
Bruno
Vladosha
01-09-2007, 07:28 PM
Bruno!
I used AOP, but I didn't catch how to make the AOP web service know the username and password specified during the call.
The calling class doesn't know whether the username was provided at all.
The problem is to push the username and password into the calling class through AOP. I don't need to use IIS security, which is not controlled by my class.
Of course it's easy to provide the username and password to every method of my class, but this way sucks! Is there another way to solve this problem?
I'm at a deadlock! Please help!
Bruno Baia
01-09-2007, 09:24 PM
A simple way is to add one or more properties to your advice that contain user information.
You can populate them via configuration and dependency injection or programmatically.
For example, two properties, Username and Password:
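using System;
using AopAlliance.Intercept;

// Advice that runs the target method only after a successful login.
public class MyAdvice : IMethodInterceptor
{
    private string username;
    private string password;
    private IUserService userService;

    // Credentials, set via configuration/dependency injection or programmatically.
    public string Username
    {
        get { return username; }
        set { username = value; }
    }

    public string Password
    {
        get { return password; }
        set { password = value; }
    }

    // Service that checks the credentials against the user list.
    public IUserService UserService
    {
        get { return userService; }
        set { userService = value; }
    }

    public object Invoke(IMethodInvocation invocation)
    {
        if (userService.Login(Username, Password))
        {
            // Authenticated: continue to the target method.
            return invocation.Proceed();
        }
        else
        {
            // Not authenticated: the target method is never called.
            throw new Exception("Blabla");
        }
    }
}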
Hope this helps,
Bruno
Aleks Seovic
01-10-2007, 09:13 AM
I think the real problem Vladosha is trying to solve is not how to provide usernames and passwords to the AOP advice (which should be on the server side, not on the client side from what I understood), but how to pass credentials from the client to the server within a SOAP message.
I guess it would be possible to do this by providing support for custom SOAP headers in the WebServiceClientFactory, but in my opinion you should switch to WSE as soon as your requirements become more complex than a basic WS call (which for most real-world applications means that you should pretty much use WSE from the get-go).
Then you can use server-side AOP advice to extract credentials from the message and authenticate any way you see fit before invoking the target service method.
HTH,
Aleks
Bruno Baia
12-10-2007, 07:55 PM
Hi,
Check that thread for an example of using SOAP headers for authentication:
Spring Web Services and soap headers (http://forum.springframework.net/showthread.php?t=3976)
- Bruno
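The approach discussed above (credentials carried in a custom SOAP header and checked on the server against the application's own user list before the method does any work), shown as a plain ASMX service. This is an added example, not code from the thread or from Spring.NET; AuthHeader, UserStore, OrderService and GetStatus are hypothetical names, and it assumes .NET Framework 4 or later without using WebServiceClientFactory or Spring.Aop.

```csharp
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Web.Services;
using System.Web.Services.Protocols;

// Hypothetical header type: carries the caller's credentials in the SOAP header.
public class AuthHeader : SoapHeader
{
    public string Username;
    public string Password;
}

// Hypothetical store for the application's own user list: salted PBKDF2 hashes, no plaintext.
public class UserStore
{
    private const int Iterations = 100000;
    private readonly Dictionary<string, byte[][]> users = new Dictionary<string, byte[][]>();
    public void Add(string username, string password)
    {
        byte[] salt = new byte[16];
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        users[username] = new byte[][] { salt, Derive(password, salt) };
    }
    public bool Login(string username, string password)
    {
        byte[][] entry;
        if (username == null || password == null || !users.TryGetValue(username, out entry)) return false;
        byte[] actual = Derive(password, entry[0]);
        int diff = 0; // compare every byte so timing does not reveal the first mismatch
        for (int i = 0; i < actual.Length; i++) diff |= actual[i] ^ entry[1][i];
        return diff == 0;
    }
    private static byte[] Derive(string password, byte[] salt)
    {
        using (Rfc2898DeriveBytes kdf = new Rfc2898DeriveBytes(password, salt, Iterations))
            return kdf.GetBytes(32);
    }
}

public class OrderService : WebService
{
    public static readonly UserStore Users = new UserStore(); // populated at application start
    public AuthHeader Credentials; // filled by ASP.NET from the incoming SOAP header

    [WebMethod, SoapHeader("Credentials")]
    public string GetStatus(int orderId)
    {
        if (Credentials == null || !Users.Login(Credentials.Username, Credentials.Password))
            throw new SoapException("Authentication failed", SoapException.ClientFaultCode);
        return "order " + orderId + ": shipped"; // constructed sample result
    }
}
```

The header carries the password as the client sent it, so the endpoint needs HTTPS.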