axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ruchith Fernando <>
Subject Re: [Axis2] [Rampart] two questions
Date Fri, 10 Feb 2012 00:19:00 GMT
Hi James,

On Thu, Feb 9, 2012 at 7:37 AM, James Annesley <> wrote:

> Hi,****
> ** **
> Two questions:****
> ** **
> Introduction:****
> ** **
> I use Rampart 1.5.0 and Axis2 1.5.1. The SOAP server is WCF and it works
> ok. The policy is embedded in the SOAP and the AXIS2 client works after
> engaging Rampart without specifying a policy file.****
> The authentication is done on the SOAP server. For each client request the
> username and password is inserted into the ServiceClient's Options object.
> The strange thing is that Rampart also authenticates the username and
> password. ****
> ** **
> Question 1) Why does Rampart do its own authentication? I believe Rampart
> is needed in order to interpret the WS-Security SOAP messages - but I don't
> need it to do anything else.
 Rampart provides a callback mechanism which provides you the username and
password included in the incoming UsrnameToken for authentication (When you
use a plain text password). This callback handler which you implement as a
part of the service, carries out the authentication. For some reason if you
do not want to authenticate at this point but would rather authenticate at
the service implementation, that is still possible by obtaining the
security processing results from the message context of the incoming

> **
> Question 2) Really what I would like to do is leverage Tomcat's login
> features and still authenticate via the current system. I don't want to
> have to import all the authenticated users to the tomcat database and would
> prefer not having to implement something new on the SOAP server. I realise
> this might be more appropriate for the tomcat list. Any ideas?

I'm not sure what you mean here.


View raw message