axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Larry Edwardson" <>
Subject Re: How to authenticate web services
Date Thu, 24 Apr 2003 22:23:38 GMT
Hi Sam, your gateway sounds very interesting is there any chance you could
guide me in the process of authentication, I am also using username password
and allowing users to register, but when I try and get a handle on the
MessageContext on the service side it comes back null, I think I have to
write my own custom handler, can you help.
----- Original Message -----
From: "SP" <>
To: <>; <>
Sent: Friday, April 25, 2003 6:04 AM
Subject: RE: How to authenticate web services

> Hi Saurabh,
> You can use basic HTTP authentication to authenticate clients. The
> clients can pass username and password by using these two methods on the
> Call object:
>     call.setUsername("username");
>     call.setPassword("password");
> You can use a handler on the service to do the authentication. In the
> handler, you can extract username and password by doing this:
>       String username = msgContext.getUsername();
>       String password = msgContext.getPassword();
> This way you can check username and password and implement
> authentication on a web service.
> I have developed a Web services gateway which does all these stuff (and
> much more). This gateway sits in front of the actual Web services and
> does authentication, authorization, tracking, auditing, response time
> statistics and lot of administrative functionalities etc. It also has
> service subscription workflow built into the system. I have set up the
> gateway for demo purpose. Go to:
> and check it out. You will more information about the gateway at
> I can give you the software for free if you want to use/test it. Let me
> know.
> Sam
> -----Original Message-----
> From: Saurabh Gupta []
> Sent: Wednesday, April 23, 2003 11:35 PM
> To:
> Subject: How to authenticate web services
> Hi All,
>    We are using Bowstreet as app server and calling web
> services deployed on Axis. The web services are java
> classes with primitive input and output types. No
> authentication are being done in the web services side.
> However now we are concerned about the authentication and
> would want to ensure that all groups in our company should
> not be able to access them . Since I am new to Web
> Services I would appreciate if somebody can share his/her
> views regarding the best ways of making them protected (
> kind of passing the password sort of thing from client or
> ....anything that is best in this scenario ).
> Willing to provide any more information necessary.
> Thanks in advance
> Regards
> Saurabh

View raw message