Steps for Creating a Spring-WS Contract-First Service (continued from Part I) Referring back to Part I of the article series [REF-1], I had mentioned that the application context XML file is a composition of application beans (wired and managed by the Spring container) relevant to the particular Spring module being used.
In this article we'll go over the security configuration using Spring's support for WS-Security providing message-level authentication, and optionally message confidentiality and message integrity services, ORM (Object-Relational Mapping) to deal with persistence at the object level, and DAO for data access to a relational database storing user-credential information.
Next, we'll look at how Spring automatically generates the WSDL document using the data contract created earlier and, lastly, the client configuration required to invoke and consume the Web service.
Since these bean wirings are relevant only to the Web service's endpoint configuration, message routing and exception handling (all within the scope of the Spring-WS module [REF-3]), they are stored within a configuration file aptly called application
In this article we secure the service by authenticating the incoming Web service request containing a username token to user-credential information stored within a database and authorize access to the secured endpoint only to a particular role that the user must belong to.
Since you would typically have a separate application context file for each Spring module that you would need to adapt, we would need to create separate, appropriately named, XML context files containing wirings of application objects for the Security, ORM and DAO module.
The individual file classpaths are listed within the application's bootstrapped to the org.context. At runtime, Spring assembles a "virtual" container which essentially contains and manages the lifecycle and configuration of all its application context beans.
An easier way to do it is with XJC plugin from this site https://java.net/plugins/eclipse/6. Conversion Pattern=%d %p [%c] - %m%n package example.service; import JAXB2 marshaller and unmarshaller are declared with the following bean definition. The context path is the package name of JAXB generated classes. The client also uses JAXB2 marshalling and unmarshalling. Console Appender log4j.appender.stdout.layout=org.apache.log4j. The security token could not be authenticated or authorized; nested exception is : The security token could not be authenticated or authorized Mickey is also authorized Get person with id=2...
Create a log4j.properties file under the src folder with the following contents. log4Logger=WARN, stdout log4j.springframework.ws=DEBUG log4j.springframework.xml=DEBUG log4j.appender.stdout=org.apache.log4j. Console Appender log4j.appender.stdout.layout=org.apache.log4j. Person Response [id=2, first Name=Bruce, last Name=Wayne] Batman is not authorized Get person with id=2...
Passionate about open source, as contributor and evangelist, he is a frequent speaker at Java user groups, conferences and sponsored workshops.
He holds the Sun Certified Java Programmer, Certified Information Systems Security Professional (CISSP®), Certified Secure Software Lifecycle Professional (CSSLP®) and the Project Management Professional (PMP®) credentials.
The example in this article is a CRUD like application using SOAP Spring web services.