axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sven Schroebler" <sven.schroeb...@uni-muenster.de>
Subject [Axis2] Session Authentication Question
Date Wed, 21 Feb 2007 14:05:50 GMT
Hello Axis-Users / Developers,

I am working on a client application for a web-application using Axis2 with
Transport Session Management. While both the webservice as well as the
session management work (by the way: many thanks for fixing JIRA
AXIS2-2042), I am now facing the challenge of user authentication. 

As most of you have much more expertise in developing webservices in Axis2,
I would like to ask you for some conceptual advice.

My idea is that before the first session is invoked the user first needs to
authenticate on the webservice. After a successful authentication, the
session is generated on the server (Tomcat 5.5 in my case) and the
webservice communication can take place.

The following alternatives I could imagine so far:

a) - have two different webservices in one service group (one for
authentication, one for communication).
   - use Rampart for Authentication with Username-Token (as in
Rampart-Example 2) in first webservice (via PWCallbackHandler)
   - use generated session for further accessing the "transport" webservice
within the service group

b) - have only one webservice
   - do user/password check in service implementation class every time a
session is initiated ( init()-method ) - thereby controlling session
generation (I am not sure whether it is possible at all)


I would really appreciate your support.

Best Regards,
Sven


---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org


Mime
View raw message