axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ilari Kontinen <ilari.konti...@hut.fi>
Subject Re: security/authentication
Date Tue, 01 Jun 2004 13:45:54 GMT
Antoine Lefebvre wrote:

>Hi all,
>
>I use axis to provide services to a .net client. It works fine, but I've
>some question about security/authentication...
>
>
>-How are the "username" and "password" members set in the
>MessageContext?
>
>-Is it possible to use the NetworkCredential class in my .net client??
>
>Or simply: What's the best way to provide a simple authentication
>between .net client and axis?
>  
>
A simple way to provide authentication and encryption is to use 
HTTP-BASIC authentication over HTTPs-connection (SSL). I use Java-AXIS, 
but in it, you set the username / password values by:

    Call call = (Call)service.createCall();
    call.setTargetEndpointAddress(new URL(this.paateosoite));
    call.setUsername(this.kayttajatunnus);
    call.setPassword(this.salasana);

At the server-side you can extract the username / password values from 
MessageContext with the following code:

    MessageContext activeContext = MessageContext.getCurrentContext();
    String username = activeContext.getUsername();
    String password = activeContext.getPassword();

If you run your Axis-web service on Tomcat, it is also quite straight 
forward to configure the service. Just...

    1. Generate SSL-keystore
    2. Configure server.xml for SSL and to use the keystore.
    3. Configure you web-app's web.xml to require BASIC-authentication

Some links:
http://www.pankaj-k.net/WSOverSSL/WSOverSSL-HOWTO.html
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html

 ~ Ilari

Mime
View raw message