axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yogesh Pant <my_instyn...@yahoo.com>
Subject Re: Authentication - Could anyone help me plzzzzzzz
Date Thu, 04 Dec 2003 13:31:09 GMT
How does html header come into picture of web service communication?
 

 
 
Harald Pollak <h.pollak@pke.at> wrote:
as you said:
Handlers providing a addinal layer to the webservice, you also don't descripe the HTML-Header
in the wsdl


Am Don, den 04.12.2003 schrieb Yogesh Pant um 14:12: The header element is a part of SOAP
message. As per web services specification, message description should be included in the
wsdl document. 
 
Handler is a mechanism used by Axis to provide an additional layer for processing incoming/outgoing
message. In any case wsdl should be a complete description of types, message, porttype etc.
 
Axis must have a way out to describe header elements in wsdl thru deployment descriptor.
 
 
- yogesh

Harald Pollak <h.pollak@pke.at> wrote: as i have understood:

The handler is a thing befor the WS ( not part of it ) and the WSDL describe the WS - so elements
only used in handler shouldn't and couldn't be described in Webservice, so you can only tell
your opposit what to do in document the webservice in hardware ways ( email, letters, tell
him ... ).

best regards 
Harry

Am Don, den 04.12.2003 schrieb Yogesh Pant um 13:49: Hello ppl,
I have got a custom authentication handler. It authenticates the incoming message very well.
 
My problem is that the generated wsdl has no mention of header elements at all. HOW DO I ACHIEVE
THIS?
 
Do I need to configure the deployment descriptor a little bit more?
 
Please help.
 
Thanks in advance.
 
regards,
- yogesh
 
 
 
 
 
 
Sunil Iyengar <s.iyengar@eim.surrey.ac.uk> wrote: Hi Tony,
If you wanted to use application level security, maybe try using
ws-security (encryption and signatures) using handlers in axis. You will
find quite a few links on
this in the axis mailing list.
You may have to design the authentication protocol and then implement this
using ws-security.
Hope this helps :)

Cheers
Sunny

***********************************************************
Sunil Iyengar,
Research Fellow, Networks Group,
Centre For Communication And Systems Research(CCSR),
School of Electronics, Computing & Mathematics,
University Of Surrey, Guildford GU2 7XH,
Surrey, England, United Kingdom.
Office: +44 (0)1483 686008
***********************************************************

On Thu, 4 Dec 2003, Tony Vieitez wrote:

> Hi
>
> I asked a question on this subject recently, but I don't think I asked
> it clearly enough, because the answers I got back, alth ough helpful,
> didn't quite give me the answer I was after. Now I understand a bit more
> about authentication I can (hopefully) formulate my question a bit more
> clearly. In fact, I have a number of questions which revolve around the
> same subject:
>
> 1. I have implemented container level authentication, and have given the
> client application access to the web service by implementing in this
> client the following code:
>
> call.setUsername("myUsername");
> call.setPassword("myPassword");
>
> This works fine. But how do I implement application level security,
> instead of just relying on the web container to authenticate the calling
> client?
>
> 2. As stated above, I have implemented container level authentication
> for the whole of the axis web app, and now I want to use the Axis 
> Servlet to administer the system, I have to provide a username and
> pas sword but I get an unauthorised error. Here is what I did:
>
> At the command prompt I tried:
> java org.apache.axis.client.AdminClient -l
> http://myserver:8080/axis/servlet/AxisServlet list
>
> I also tried:
> java org.apache.axis.client.AdminClient -l
> http://myserver:8080/axis/servlet/AxisServlet -u myUsername -p
> myPassword list
>
> and I got this:
> Exception (401)Unauthorised
>
> As stated, this is container level security, which I would like to know
> how to implement. I would also like to know how to implement application
> level security, that is how to implement security that is part of axis
> and not just rely on the security features that comes with tomcat
>
> Any insight into any of these issues would be most gratefully received
>
> Tony
>
> 
---------------------------------
Do you Yahoo!?
Free Pop-Up Blocker - Get it now 
---------------------------------
Do you Yahoo!?
Free Pop-Up Blocker - Get it now 

---------------------------------
Do you Yahoo!?
Free Pop-Up Blocker - Get it now
Mime
View raw message