axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ilari Kontinen <>
Subject Re: security/authentication
Date Tue, 01 Jun 2004 13:45:54 GMT
Antoine Lefebvre wrote:

>Hi all,
>I use axis to provide services to a .net client. It works fine, but I've
>some question about security/authentication...
>-How are the "username" and "password" members set in the
>-Is it possible to use the NetworkCredential class in my .net client??
>Or simply: What's the best way to provide a simple authentication
>between .net client and axis?
A simple way to provide authentication and encryption is to use 
HTTP-BASIC authentication over HTTPs-connection (SSL). I use Java-AXIS, 
but in it, you set the username / password values by:

    Call call = (Call)service.createCall();
    call.setTargetEndpointAddress(new URL(this.paateosoite));

At the server-side you can extract the username / password values from 
MessageContext with the following code:

    MessageContext activeContext = MessageContext.getCurrentContext();
    String username = activeContext.getUsername();
    String password = activeContext.getPassword();

If you run your Axis-web service on Tomcat, it is also quite straight 
forward to configure the service. Just...

    1. Generate SSL-keystore
    2. Configure server.xml for SSL and to use the keystore.
    3. Configure you web-app's web.xml to require BASIC-authentication

Some links:

 ~ Ilari

View raw message