Security is one of the important key in the success of a IT project but most of the time only user authentication or data encryption are taken into account. So security of the application is often not adressed or leave aside due to complexity of the implementation.
One of the reason explaining this situation comes from the fact that solutions or frameworks proposed to secure an application are difficult to configure and maintain. And this remark prevalls over the specification WS-Security.
In large company having deployed WS-Services to allow intra or inter connection between applications, Web application authentication with HTTPS protocol mechanisms are use to secure platforms. That means that users discovering the credentials used to connect to the web server can potentially have access to the services of the company.
WS-Security offers a way to authenticate the user connected to a web service or allow also a user to be trusted on the web server it is connected. This mechanism is interesting because it reinforce the security but provides also a way to restrict access to unauthorized users to web services.
Apache Camel and CXF frameworks offers a simplify way to implement this with only few lines of code and spring beans definition. Let’s see that in action :
We only need to use JAAS api to authenticate the user using the following java package “javax.security.auth.callback” and the project
WS4J of Apache. Here is a simple example authenticate a user using a list and the password provided.
This is here that the magic will operates as we will use Spring beans definition with Apache Web Services Framework - CXF and Apache Camel to expose the web service
Instantiate your WS4J bean
Add it as an interceptor to CXF to allow CXF to authenticate the user using the credentials provided in the SOAP header definition.
And finally, declare your camel route using the web services