axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Greg Michalopoulos" <gmichalopou...@d2hawkeye.com>
Subject RE: adding security to webservices in axis
Date Fri, 29 Oct 2004 17:04:34 GMT
Check out wss4j from Apache (http://ws.apache.org/ws-fx/wss4j/).  This is an
implementation of the WS-Security spec.  Documentation is a little weak at
this point in time, but I was about to use the UsernameToken in the SOAP
header and a password callback class to authenticate a user making a
request.  The spec outlines ways to encrypt and sign SOAP messages as well.

Greg 

-----Original Message-----
From: Wagle, Shriniwas [mailto:Shriniwas_Wagle@sra.com] 
Sent: Friday, October 29, 2004 10:23 AM
To: axis-user@ws.apache.org
Subject: RE: adding security to webservices in axis

We implemented security at the transport level using SSL with
client-authentication.
The good thing about this is the web services code does not have to deal
with security related aspects at all.  It works well, and in a predictable
manner.
We had a binary level of security - either a client can invoke the web
service or not.  We didn't have tiered security or diff levels of
authorization.  Having to deal with that will complicate this solution.

The negative aspect is the overhead in managing all the certs and keys
floating around and ensuring the security policy is well understood and
adhered to. 

The latest JAX RPC comes with message level security.  You might want to
explore that but I believe the standardization in that area is not yet
complete.  So not sure about the level of interoperability needs on your
project and the impact of using something non-standard.

-----Original Message-----
From: Marco Mistroni [mailto:mmistroni@waersystems.com]
Sent: Thursday, October 28, 2004 4:43 AM
To: axis-user@ws.apache.org
Subject: adding security to webservices in axis

Hello all,
	I have a question for axis mailing list..
I would like to add security to my axis webservice, and I am looking For
tips..
What I want to avoid is to going and modify the web.xml in tomcat for adding
Users....
I am sure that there is at least someone on this list which came across This
problem...

Any hints will be appreciated...

Thanks in advance and regards
	marco





Mime
View raw message