axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sullivan, Mark E" <Mark.Sulli...@nav-international.com>
Subject RE: Auth Notification in WSDL? / basic auth in apache
Date Fri, 16 Aug 2002 18:01:29 GMT
i see, but whether or not you use apache doesn't mean you can't use basic
authentication. Tomcat can do basic authentication on it's own. 

> -----Original Message-----
> From: Jason D. Lee [mailto:jason.lee@hobbylobby.com]
> Sent: Friday, August 16, 2002 11:03 AM
> To: 'axis-user@xml.apache.org'
> Subject: RE: Auth Notification in WSDL? / basic auth in apache
> 
> 
> I say that because I've never done tomcat/apache integration. 
>  I've been
> reading through the docs on how to do it, but I haven't tried 
> it yet.  I'm
> running (out of necessity. :\  network/firewall issues) on Win32, so
> additional modules, depending on what it is, may be hard to come by.
> 
> -- 
> Jason Lee - Programmer
> 405.745.1789
> Hobby Lobby Stores, Inc.
> 
> 
> 
> -----Original Message-----
> From: Sullivan, Mark E [mailto:Mark.Sullivan@nav-international.com]
> Sent: Friday, August 16, 2002 10:10 AM
> To: 'axis-user@xml.apache.org'
> Subject: RE: Auth Notification in WSDL? / basic auth in apache
> 
> 
> what makes you say that? i'm using mod_jk. You could use 
> .htaccess if you
> wanted, i just have my stuff hardcoded in the httpd.conf file. 
> 
> > -----Original Message-----
> > From: Jason D. Lee [mailto:jason.lee@hobbylobby.com]
> > Sent: Friday, August 16, 2002 10:18 AM
> > To: 'axis-user@xml.apache.org'
> > Subject: RE: Auth Notification in WSDL? / basic auth in apache
> > 
> > 
> > Sorry I'm dense, but I'm not sure how you have Apache doing the
> > authentication.  My first thought was with something like .htaccess
> > (assuming I'm right in reading that as you have tomcat 
> integrated with
> > Apache httpd), but it looks like that you can't do it that 
> > way given the way
> > tomcat integrates with apache.
> > 
> > -- 
> > Jason Lee - Programmer
> > 405.745.1789
> > Hobby Lobby Stores, Inc.
> > 
> > 
> > 
> > -----Original Message-----
> > From: Sullivan, Mark E [mailto:Mark.Sullivan@nav-international.com]
> > Sent: Friday, August 16, 2002 9:42 AM
> > To: 'axis-user@xml.apache.org'
> > Subject: RE: Auth Notification in WSDL? / basic auth in apache
> > 
> > 
> > <deployment name="FleetCharge" 
> > xmlns="http://xml.apache.org/axis/wsdd/"
> >             
> > xmlns:java="http://xml.apache.org/axis/wsdd/providers/java"
> >             
> xmlns:xsi="http://www.w3.org/2000/10/XMLSchema-instance">
> >   <service name="FleetCharge" provider="java:MSG">
> >     <parameter name="className" value="com.nav.fcws.FleetCharge" />
> >     <parameter name="allowedMethods" value="SubmitInvoice" />
> >     <requestFlow>
> >       <handler type="java:com.nav.fcws.handlers.SchemaValidator"/>
> > 	<handler type="java:com.nav.fcws.handlers.SQLAuthHandler"/>
> > 	<handler type="java:com.nav.fcws.handlers.FCValidator"/>
> >     </requestFlow>
> >   </service>
> > </deployment>
> > 
> > this is a message style service. SchemaValidator validates 
> > the incoming
> > document against a schema. SQLAuthHandler makes sure the user 
> > has specific
> > access to resources based on some DB2 tables, and FCValidator 
> > applies some
> > business logic to the xml document before it it processed by 
> > the FleetCharge
> > web service class. All the password auth is done by apache
> > 
> > > -----Original Message-----
> > > From: Jason D. Lee [mailto:jason.lee@hobbylobby.com]
> > > Sent: Friday, August 16, 2002 9:48 AM
> > > To: 'axis-user@xml.apache.org'
> > > Subject: RE: Auth Notification in WSDL? / basic auth in apache
> > > 
> > > 
> > > Huh.  What does your wsdd look like, if you don't mind me 
> asking...
> > > 
> > > -- 
> > > Jason Lee - Programmer
> > > 405.745.1789
> > > Hobby Lobby Stores, Inc.
> > > 
> > > 
> > > 
> > > -----Original Message-----
> > > From: Sullivan, Mark E 
> [mailto:Mark.Sullivan@nav-international.com]
> > > Sent: Friday, August 16, 2002 9:35 AM
> > > To: 'axis-user@xml.apache.org'
> > > Subject: RE: Auth Notification in WSDL? / basic auth in apache
> > > 
> > > 
> > > basically i let the web server (apache) handle the basic 
> > > authentication. I
> > > use the username in the service for access control purposes, 
> > > but i never
> > > have to look at the password. If the user even gets to the 
> > > service, then
> > > they are authenticated. 
> > > 
> > > > -----Original Message-----
> > > > From: Jason D. Lee [mailto:jason.lee@hobbylobby.com]
> > > > Sent: Friday, August 16, 2002 9:35 AM
> > > > To: 'axis-user@xml.apache.org'
> > > > Subject: RE: Auth Notification in WSDL? / basic auth in apache
> > > > 
> > > > 
> > > > Ah! So you handle the authentication your self (by getting 
> > > > username and auth
> > > > from MessageContext) rather than letting the servlet (Axis) 
> > > handle it,
> > > > right?  That would mean that you wouldn't have the basic auth 
> > > > request flow
> > > > in your deployment descriptor if I'm following things 
> > > > correctly.  If I'm on
> > > > the right track so far, you grab the user name and password, 
> > > > and if they
> > > > aren't correct, throw an exception?  I'm just trying to wrap 
> > > > my brain around
> > > > this. :)
> > > > 
> > > > -- 
> > > > Jason Lee - Programmer
> > > > 405.745.1789
> > > > Hobby Lobby Stores, Inc.
> > > > 
> > > > 
> > > > 
> > > > -----Original Message-----
> > > > From: Sullivan, Mark E 
> > [mailto:Mark.Sullivan@nav-international.com]
> > > > Sent: Friday, August 16, 2002 9:20 AM
> > > > To: 'axis-user@xml.apache.org'
> > > > Subject: RE: Auth Notification in WSDL? / basic auth in apache
> > > > 
> > > > 
> > > > I do 
> > > > NetworkCredential nc = new NetworkCredential(LoginID,Password);
> > > > fc.Credentials=nc;
> > > > 
> > > > where LoginID and Password are strings and fc is a
> > > > System.Web.Services.Protocols.SoapHttpClientProtocol object.
> > > > 
> > > > This works correctly for me. On the serverside in axis 
> i just do a
> > > > MessageContext.getUserName()
> > > > 
> > > > 
> > > > -----Original Message-----
> > > > From: Jason D. Lee [mailto:jason.lee@hobbylobby.com]
> > > > Sent: Friday, August 16, 2002 9:18 AM
> > > > To: 'axis-user@xml.apache.org'
> > > > Subject: RE: Auth Notification in WSDL? / basic auth in apache
> > > > 
> > > > 
> > > > Whew. :)  Is that .Net against Axis using basic auth?  How 
> > > > did you get .Net
> > > > to pass the credentials.  Every time I make a call to the WS, 
> > > > it tells me
> > > > that user 'null' could not be authenticated:
> > > > 
> > > >     ICredentials credentials = new 
> > > NetworkCredential("user1","pwd1");
> > > >     stub.Credentials = credentials;
> > > >     stub.getDepts();
> > > > 
> > > > Any thoughts on that?  I know this is an Axis group, but... :)
> > > > 
> > > > I'm also going to take a look at Soap headers and see if I 
> > > > can solve it that
> > > > way.
> > > > -- 
> > > > Jason Lee - Programmer 
> > > > 405.745.1789 
> > > > Hobby Lobby Stores, Inc. 
> > > > -----Original Message-----
> > > > From: Phil Surette [mailto:psurette@espial.com]
> > > > Sent: Friday, August 16, 2002 8:43 AM
> > > > To: 'axis-user@xml.apache.org'
> > > > Subject: RE: Auth Notification in WSDL? / basic auth in apache
> > > > 
> > > > 
> > > > Yeah, I remember now, its KSOAP that doesn't support it.
> > > > -----Original Message-----
> > > > From: Sullivan, Mark E 
> > [mailto:Mark.Sullivan@nav-international.com]
> > > > Sent: Friday, August 16, 2002 9:20 AM
> > > > To: 'axis-user@xml.apache.org'
> > > > Subject: RE: Auth Notification in WSDL? / basic auth in apache
> > > > 
> > > > 
> > > > it does, i'm using it in production
> > > > -----Original Message-----
> > > > From: Jason D. Lee [mailto:jason.lee@hobbylobby.com]
> > > > Sent: Friday, August 16, 2002 8:30 AM
> > > > To: 'axis-user@xml.apache.org'
> > > > Subject: RE: Auth Notification in WSDL? / basic auth in apache
> > > > 
> > > > 
> > > > I've gotten basic auth working from an Axis client (which is 
> > > > purely for my
> > > > own testing.  Production will use a .Net client).  If .Net 
> > > > doesn't support
> > > > basic auth, we may have to rethink things... :\
> > > > 
> > > > -- 
> > > > Jason Lee - Programmer 
> > > > 405.745.1789 
> > > > Hobby Lobby Stores, Inc. 
> > > > -----Original Message-----
> > > > From: Phil Surette [mailto:psurette@espial.com]
> > > > Sent: Friday, August 16, 2002 8:17 AM
> > > > To: 'axis-user@xml.apache.org'
> > > > Subject: RE: Auth Notification in WSDL? / basic auth in apache
> > > > 
> > > > 
> > > > IIRC, SOAP implementations are not required to support 
> > basic auth, 
> > > > but Axis does (.NET doesn't). 
> > > > The org.apache.axis.client.Call object has setUsername() and 
> > > > setPassword() methods which are all you need for basic auth 
> > > > (on the client side). 
> > > > -----Original Message----- 
> > > > From: Jason D. Lee [mailto:jason.lee@hobbylobby.com] 
> > > > Sent: Friday, August 16, 2002 9:21 AM 
> > > > To: 'axis-user@xml.apache.org' 
> > > > Subject: RE: Auth Notification in WSDL? 
> > > > 
> > > > 
> > > > That sounds like what I'm going to have to do.  The only 
> > > > problem is that I'm
> > > > 
> > > > not sure where to start with that.  Honestly, I haven't had a 
> > > > chance to do 
> > > > much research on it yet.  Any pointers on where to start 
> > > > looking (web, Axis 
> > > > dox, etc.)?  Thanks. :) 
> > > > -- 
> > > > Jason Lee - Programmer 
> > > > 405.745.1789 
> > > > Hobby Lobby Stores, Inc. 
> > > > 
> > > > 
> > > > 
> > > > -----Original Message----- 
> > > > From: Adam.Leggett [mailto:Adam.Leggett@upco.co.uk] 
> > > > Sent: Friday, August 16, 2002 4:22 AM 
> > > > To: 'axis-user@xml.apache.org' 
> > > > Subject: RE: Auth Notification in WSDL? 
> > > > 
> > > > 
> > > > Why not use the SOAP Header to carry authentication, and 
> > > > define the message 
> > > > in your WSDL? 
> > > > If you define a compound 'AuthHeader' type and message that 
> > > > uses it, Visual 
> > > > Studio .NET should auto gen the stubs. 
> > > > Adam 
> > > > -----Original Message----- 
> > > > From: Chris Haddad [mailto:haddadc@cobia.net] 
> > > > Sent: 12 August 2002 20:11 
> > > > To: axis-user@xml.apache.org 
> > > > Subject: RE: Auth Notification in WSDL? 
> > > > 
> > > > 
> > > > Jason - A single standard for defining and implementing 
> > > > authentication 
> > > > does not exist, so it is hard to understand the dialogue 
> > > > between you and 
> > > > the external company. 
> > > > It seems like they are requesting a 'login method' to call. The 
> > > > implementation will vary depending upon how you've baked 
> > > > security into 
> > > > your infrastructure.   Maybe you just need to provide them 
> > > > with a spec? 
> > > > /Chris 
> > > > -----Original Message----- 
> > > > From: Jason D. Lee [mailto:jason.lee@hobbylobby.com] 
> > > > Sent: Monday, August 12, 2002 2:51 PM 
> > > > To: Axis (E-mail) 
> > > > Subject: Auth Notification in WSDL? 
> > > > Is it possible (or even necessary) for a web service to 
> > note in the 
> > > > generated WSDL (http://...?wsdl) that the service requires 
> > > > authentication? 
> > > > I'm writing my service in Java, but the client, written by an 
> > > > external 
> > > > company, will be written in C#, and he's telling me 
> that the stub 
> > > > generation 
> > > > based on my current WSDL is not creating the method calls for 
> > > > setting up 
> > > > authentication.  Am I forgetting to do something in my 
> > > .wsdd or is he 
> > > > expecting something that won't be there?  Thanks... 
> > > > -- 
> > > > Jason Lee - Programmer 
> > > > 405.745.1789 
> > > > Hobby Lobby Stores, Inc. 
> > > > 
> > > > 
> > > > 
> > > > 
> > > > 
> > > > 
> > > > The contents of this email are intended only for the named 
> > > > addressees and 
> > > > may contain confidential and/or privileged material. If 
> > > > received in error 
> > > > please contact UPCO on +44 (0) 113 201 0600 and then delete 
> > > > the entire 
> > > > e-mail from your system. Unauthorised review, distribution, 
> > > > disclosure or 
> > > > other use of this information could constitute a breach of 
> > > > confidence. Your 
> > > > co-operation in this matter is greatly appreciated. 
> > > > 
> > > 
> > 
> 

Mime
View raw message