axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Vinay Punnoose <>
Subject Re: Authorizing users in Axis
Date Fri, 19 Nov 2004 04:52:35 GMT
The access control and username/passwd details are maintained in
perms.lst and users.lst located in axis\WEB-INF folder.
Typical entries in perms.lst are as follows:
  user1  WebserviceName1
  user2  WebserviceName2 

The users.lst would contain entries something like this
user1  password1
user2  password2

The wsdd file then needs to have a couple of entries added to it,
which is including handlers for authentication and authorization. 
Which is as follows

  <service name="WebserviceName1" provider="java:RPC">
     <parameter name="className" 
     <parameter name="allowedMethods" value="getHello"/>
     <parameter name="allowedRoles" value="user1"/>
     <requestFlow name="authorizationFlow">

While in the client we got to set the username and password by calling
the setter method of the Call object.

which can be done with

I hope this solves..


On Thu, 18 Nov 2004 14:58:36 -0500, Sharam Fouladgar-Mercer
<> wrote:
> Hi,
> As an Axis newbie, I am trying to figure out how to authorize users who
> should be accessing a certain method of my Web Service. Are there any
> standards out there that I should follow? Other than using the components of
> WS-Security (which are too new for my liking), I can only think of passing
> the username and password as parameters in the method, but that is not a
> standard either I believe (I would be using SSL over HTTP so it would be
> secure).
> Any ideas?
> Thanks,
> Sharam

View raw message