I'm working on a demo application using spring boot. so the idea is to create a soap webservice and add a basic http authentication to it. I followed some tutorials on the net but it doesn't help me to solve the issue.

at first i created a simple soap webservice and i tested it using soapui. it works perfectly. when i added the spring security to the classpath i succeeded to open the wsdl provided by my app (using my browser and the login form provided by spring by default). but it failed to consume the webservice using soapui even after adding the authencation headers.

here is my app config.



      enabled: true
      name: client
      password: password


public class WebServiceConfig extends WsConfigurerAdapter {

public ServletRegistrationBean<Servlet> messageDispatcherServlet(ApplicationContext applicationContext) {
    MessageDispatcherServlet servlet = new MessageDispatcherServlet();
    return new ServletRegistrationBean<>(servlet, "/ws/library/*");

@Bean(name = "books")
public Wsdl11Definition defaultWsdl11Definition() {
    SimpleWsdl11Definition wsdl11Definition = new SimpleWsdl11Definition();
    wsdl11Definition.setWsdl(new ClassPathResource("/book.wsdl"));
    return wsdl11Definition;


public class BookEndpoint {

        namespace = "http://www.cleverbuilder.com/BookService/",
        localPart = "GetBook")
public GetBookResponse getBook(@RequestPayload GetBook book) {

    ObjectFactory factory = new ObjectFactory();
    GetBookResponse response = factory.createGetBookResponse();
    return response;

the request generated by soapui is as follows:

POST http://localhost:8080/ws/library/BookService HTTP/1.1
Accept-Encoding: gzip,deflate
Content-Type: text/xml;charset=UTF-8
SOAPAction: "http://www.cleverbuilder.com/BookService/GetBook"
Authorization: Basic Y2xpZW50OnBhc3N3b3Jk
Content-Length: 280
Host: localhost:8080
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)
Cookie: JSESSIONID=77EF4FFB2B5A52EC21A47C230624B6DE
Cookie2: $Version=1

<soapenv:Envelope     xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"     xmlns:book="http://www.cleverbuilder.com/BookService/">

and the server response :

HTTP/1.1 401 
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
WWW-Authenticate: Basic realm="Realm"
Content-Length: 0
Date: Mon, 22 Apr 2019 09:08:43 GMT

and the logged error is :

Voter: org.sp[email protected]77114100, returned: -1
ExceptionTranslationFilter     : Access is denied (user is anonymous); redirecting to authentication entry point

org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84) ~[spring-security-core-5.1.5.RELEASE.jar:5.1.5.RELEASE]
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233) ~[spring-security-core-5.1.5.RELEASE.jar:5.1.5.RELEASE]

can anyone help me please ?

1 Answers

Amdouni Mohamed Ali On Best Solutions

The problem was the crsf protection. I was able to resolve the problem by disabling it. Here's my the config that i added.

public class SecurityConfig extends WebSecurityConfigurerAdapter {

    protected void configure(HttpSecurity http) throws Exception {