axis-java-user mailing list archives

From "Katiyar, Bhawana" <Bhawana.Kati...@workscape.com>
Subject RE: Web Service Security Design
Date Thu, 24 Apr 2003 15:01:24 GMT
You can use Java:RPC and still use SOAP headers for storing any information.
 
-Bh 

-----Original Message-----
From: Sofiane Cherchalli [mailto:sofiane.cherchalli@madrid.sema.slb.com]
Sent: Thursday, April 24, 2003 10:44 AM
To: axis-user@ws.apache.org
Subject: Web Service Security Design



Hi there

I'm designing an Axis Web Service that would run under Tomcat. The Web
Service client is a standalone Java/Swing WebStart-enabled program.

Basically, the Web Service exposes 3 methods that could be called only by
authenticated users (defined in a database table). When the client program
starts, it displays a dialog box with login and password to allow the user to
identify himself. I need to implement the following features:

- User sessions: Once a user is connected, a session is created. The session
is destroyed if the user disconnects or times out (stays idle for a certain
time). When the session expires, a subsequent call to a web service method has
to inform the client application that the session expired, and thus display
the login dialog box again.

- When a web service is called from a client browser, the user's session is
automatic since Tomcat either sends a cookie or uses URL rewriting (if
cookies are not enabled). In my case, it's a WebStart-enabled application, and
I think there is a cookie management service in the WebStart API, but the
remaining question is: How to read the cookie sent by the server?

- Using a java:RPC method call doesn't allow access to the SOAP message, right?
So I was thinking of using message calls, and writing the session id in the
SOAP response header to allow the client to store it for future calls!

- Another feature I want to add is encrypting message exchanges using
HTTPS.

Well, I would greatly appreciate any design ideas, and would like to know if
what I'm trying to do is feasible?

Thanks in advance
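
An added example, not part of either message above and not Axis code: a minimal server-side store for the session id that the thread proposes carrying in a SOAP header, with the idle timeout and the "session expired" signal the original post asks for. The names SessionRegistry, open, require, close and SessionExpiredException are hypothetical, and the clock and user name in main are constructed for the demonstration.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.LongSupplier;

/** Hypothetical server-side session store; names are illustrative, not Axis APIs. */
public class SessionRegistry {
    /** The service layer would map this to a SOAP fault so the client shows the login dialog again. */
    public static class SessionExpiredException extends Exception {
        SessionExpiredException(String msg) { super(msg); }
    }
    private static final class Session {
        final String user; volatile long lastSeen;
        Session(String user, long now) { this.user = user; this.lastSeen = now; }
    }
    private final Map<String, Session> sessions = new ConcurrentHashMap<>();
    private final SecureRandom rng = new SecureRandom();
    private final long idleMillis;
    private final LongSupplier clock;   // injectable so the timeout can be exercised without sleeping

    public SessionRegistry(long idleMillis, LongSupplier clock) { this.idleMillis = idleMillis; this.clock = clock; }

    /** Call only after the login and password were checked against the user table. */
    public String open(String user) {
        byte[] raw = new byte[16];      // 128 random bits: the id must not be guessable
        rng.nextBytes(raw);
        String id = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        sessions.put(id, new Session(user, clock.getAsLong()));
        return id;                      // value to place in the SOAP response header
    }
    /** Validate the id taken from a request's SOAP header and refresh the idle timer. */
    public String require(String id) throws SessionExpiredException {
        Session s = (id == null) ? null : sessions.get(id);
        long now = clock.getAsLong();
        if (s == null || now - s.lastSeen > idleMillis) {
            if (id != null) sessions.remove(id);   // drop the stale entry
            throw new SessionExpiredException("session expired or unknown");
        }
        s.lastSeen = now;
        return s.user;
    }
    public void close(String id) { sessions.remove(id); }   // explicit disconnect

    public static void main(String[] args) throws Exception {
        long[] t = {0};                                      // constructed fake clock, in milliseconds
        SessionRegistry reg = new SessionRegistry(30 * 60_000L, () -> t[0]);
        String id = reg.open("alice");                       // constructed user name
        t[0] += 10 * 60_000L;
        System.out.println(reg.require(id));                 // within the idle window, timer refreshed
        t[0] += 31 * 60_000L;
        try { reg.require(id); } catch (SessionExpiredException e) { System.out.println(e.getMessage()); }
    }
}
```

Sessions that are never presented again stay in the map until a periodic sweep removes them. The id is a bearer credential, so it depends on the HTTPS transport mentioned in the original post.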


