2011

Why Spring Security and role-based access control

 

  • Protect your web application and web service application
  • Role authorization ensures that users can only access the services they are authorized to use
  • The basic security principle applies to any Java web application

     

Steps to protect your web service project

 

  • Create web service interceptors
  • Create Authentication provider
  • Protect your business method with Spring “Secured” annotation

 

Work flow

 


 

  • Client makes a web service call
  • Spring EndPoint Interceptor intercepts the call
  • EndPoint Interceptor uses the Authentication manager to authenticate the user
  • The Authentication manager calls the Authentication provider to verify the user
  • The EndPoint calls the “Secured” service method
  • The Spring method interceptor intercepts the call and verifies the user’s authorization
  • The method interceptor throws unauthorized exception if the user is not allowed to access the business method
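The work flow above as an added example (not code from the original page): the `main` method stands in for the endpoint interceptor and performs the same two calls, authenticating through the Authentication manager and storing the result in the security context. It assumes Spring Security 5.6 or later (for `@EnableMethodSecurity`) on Java 9+; the class names, the account alice/s3cret and the roles are constructed for illustration.

```java
import java.util.List;
import org.springframework.context.annotation.*;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.authentication.*;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.core.*;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;

public class SecuredFlowDemo {
    // Hypothetical provider with one constructed account; a real one checks a stored password hash.
    static class DemoProvider implements AuthenticationProvider {
        public Authentication authenticate(Authentication a) throws AuthenticationException {
            if ("alice".equals(a.getName()) && "s3cret".equals(a.getCredentials()))
                return new UsernamePasswordAuthenticationToken(a.getName(), null,
                        List.of(new SimpleGrantedAuthority("ROLE_USER")));
            throw new BadCredentialsException("Bad credentials");
        }
        public boolean supports(Class<?> t) { return UsernamePasswordAuthenticationToken.class.isAssignableFrom(t); }
    }
    // Business methods: each one names the role a caller must hold.
    public static class AccountService {
        @Secured("ROLE_USER") public String balance() { return "balance: 42"; }
        @Secured("ROLE_ADMIN") public String closeAccount() { return "closed"; }
    }
    @Configuration @EnableMethodSecurity(securedEnabled = true)
    static class Config {
        @Bean AccountService accountService() { return new AccountService(); }
    }
    public static void main(String[] args) {
        AuthenticationManager manager = new ProviderManager(new DemoProvider());
        try (AnnotationConfigApplicationContext ctx = new AnnotationConfigApplicationContext(Config.class)) {
            AccountService service = ctx.getBean(AccountService.class); // proxied by the method interceptor
            // Interceptor step: authenticate the credentials taken from the request.
            Authentication auth = manager.authenticate(
                    new UsernamePasswordAuthenticationToken("alice", "s3cret"));
            SecurityContextHolder.getContext().setAuthentication(auth);
            try {
                System.out.println(service.balance()); // allowed: alice holds ROLE_USER
                service.closeAccount();                // rejected: requires ROLE_ADMIN
            } catch (AccessDeniedException e) {
                System.out.println("denied: " + e.getMessage());
            } finally {
                SecurityContextHolder.clearContext();  // never leak the identity to the next request
            }
        }
    }
}
```

The role check only runs when the call goes through the Spring-managed bean; an instance created with `new AccountService()`, or a call from one method of the class to another, bypasses the method interceptor.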