axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From SP ...@soapknox.com>
Subject RE: How to authenticate web services
Date Thu, 24 Apr 2003 20:04:47 GMT
Hi Saurabh,

You can use basic HTTP authentication to authenticate clients. The
clients can pass username and password by using these two methods on the
Call object:

    call.setUsername("username");
    call.setPassword("password");

You can use a handler on the service to do the authentication. In the
handler, you can extract username and password by doing this:

      String username = msgContext.getUsername();
      String password = msgContext.getPassword();

This way you can check username and password and implement
authentication on a web service.

I have developed a Web services gateway which does all these stuff (and
much more). This gateway sits in front of the actual Web services and
does authentication, authorization, tracking, auditing, response time
statistics and lot of administrative functionalities etc. It also has
service subscription workflow built into the system. I have set up the
gateway for demo purpose. Go to:

http://soapknox.servehttp.com:8080

and check it out. You will more information about the gateway at
http://www.soapknox.com

I can give you the software for free if you want to use/test it. Let me
know.

Sam

-----Original Message-----
From: Saurabh Gupta [mailto:sgupta@mail.etouch.net]
Sent: Wednesday, April 23, 2003 11:35 PM
To: axis-user@ws.apache.org
Subject: How to authenticate web services


Hi All,

   We are using Bowstreet as app server and calling web
services deployed on Axis. The web services are java
classes with primitive input and output types. No
authentication are being done in the web services side.
However now we are concerned about the authentication and
would want to ensure that all groups in our company should
not be able to access them . Since I am new to Web
Services I would appreciate if somebody can share his/her
views regarding the best ways of making them protected (
kind of passing the password sort of thing from client or
....anything that is best in this scenario ).

Willing to provide any more information necessary.

Thanks in advance
Regards
Saurabh





Mime
View raw message