I am using spring mvc,spring security and spring web service to build web application.Honestly I don't know how to secure my web service although I went though this document 7. Securing your Web services with Spring-WS
So I use Spring Security to secure my web service too.Because this document The Security Filter Chain said:
Spring Security’s web infrastructure is based entirely on standard servlet filters. It doesn’t use servlets or any other servlet-based frameworks (such as Spring MVC) internally, so it has no strong links to any particular web technology. It deals in HttpServletRequest s and HttpServletResponse s and doesn’t care whether the requests come from a browser, a web service client, an HttpInvoker or an AJAX application.
I use soapUI to test my web service and if the username and password are correct, I can have correct return message:
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://ift.tt/sVJIaE">
<SOAP-ENV:Header/>
<SOAP-ENV:Body>
<ns3:createUserResponse xmlns:ns2="http://ift.tt/1DFuAzJ" xmlns:ns3="http://ift.tt/1vYDzOP">
<ns3:id>131073</ns3:id>
<ns3:message>success</ns3:message>
</ns3:createUserResponse>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
But when put wrong username or password, I got message like the following:
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"/>
<title>Error 401 ????????</title>
</head>
<body>
<h2>HTTP ERROR 401</h2>
<p>
Problem accessing /skycityService.wsdl. Reason:
<pre>????????</pre>
</p>
<hr/>
<i>
<small>Powered by http://Jetty</small>
</i>
</body>
</html>
So my question is: How can I return well formatted message when the log in failed? Or should I use different way to secure web service?
Thanks in advance.
Aucun commentaire:
Enregistrer un commentaire