axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Vinay Punnoose <vinay.punno...@gmail.com>
Subject Re: Authorizing users in Axis
Date Fri, 19 Nov 2004 04:52:35 GMT
The access control and username/passwd details are maintained in
perms.lst and users.lst located in axis\WEB-INF folder.
Typical entries in perms.lst are as follows:
  user1  WebserviceName1
  user2  WebserviceName2 

The users.lst would contain entries something like this
user1  password1
user2  password2

The wsdd file then needs to have a couple of entries added to it,
which is including handlers for authentication and authorization. 
Which is as follows

<deployment
  xmlns="http://xml.apache.org/axis/wsdd/"
  xmlns:java="http://xml.apache.org/axis/wsdd/providers/java"
  xmlns:xsi="http://www/w3.org/2000/10/XMLSchema-instance">
  <service name="WebserviceName1" provider="java:RPC">
     <parameter name="className" 
                      value="HelloWebservice"/>
     <parameter name="allowedMethods" value="getHello"/>
     <parameter name="allowedRoles" value="user1"/>
     <requestFlow name="authorizationFlow">
          <handler
type="java:org.apache.axis.handlers.SimpleAuthenticationHandler"/>
          <handler
type="java:org.apache.axis.handlers.SimpleAuthorizationHandler"/>
      </requestFlow>
      
  </service>
</deployment>


While in the client we got to set the username and password by calling
the setter method of the Call object.

which can be done with
 call.setUsername(username);
 call.setPassword(password);

I hope this solves..

Regards
Vinay


On Thu, 18 Nov 2004 14:58:36 -0500, Sharam Fouladgar-Mercer
<sharam.fouladgar@appiancorp.com> wrote:
> 
> 
> 
> Hi,
> 
>  
> 
> As an Axis newbie, I am trying to figure out how to authorize users who
> should be accessing a certain method of my Web Service. Are there any
> standards out there that I should follow? Other than using the components of
> WS-Security (which are too new for my liking), I can only think of passing
> the username and password as parameters in the method, but that is not a
> standard either I believe (I would be using SSL over HTTP so it would be
> secure).
> 
> Any ideas?
> 
>  
> 
> Thanks,
> 
> Sharam

Mime
View raw message