struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Frank W. Zammetti" <>
Subject Re: Struts and WebServices with both FORM and BASIC authentication in same web app
Date Thu, 11 May 2006 04:12:45 GMT
Robert Taylor wrote:
> Greetings, can you have both FORM and BASIC authentication in the same 
> web application? (I don't think so, but thought I would ask)

No, you cannot.  I recently asked this same question... just look at the 
web-app DTD... at least in 2.3, auth-method is marked as ? affinity.

> I have a system of Struts web applications where I have users 
> authenticating using FORM based authentication. I also have a need for 
> B-to-B communication between these applications and with external 
> applications. I would like to use Axis2 for remoting and would like to 
> secure these web services using BASIC authentication over HTTPS.

I had an identical situation.  I wound up using IBM's WS engine built 
into Websphere, since we are a Websphere shop... interestingly, this is 
just a version of Axis anyway!  They deal with this issue though.

Before I did that though, I had a proof-of-concept using a filter to the 
basic auth check, simulate basic auth in reality.  The difference is 
that instead of request-challenge-validate as the cycle, the incoming WS 
request is required to container ID/PW with it, so I skip directly to 
the validate step.

> This has to be a common problem and was wondering if anyone had cracked 
> this nut yet? I've found examples of doing one or the other, but NOT 
> BOTH at the same time on the same web application.

I too would like to know how others have solved this problem.  It's nice 
when the app server has the capability built-in as Websphere does, but 
I'm interested in how it can be done in the absence of that.

> /robert


Frank W. Zammetti
Founder and Chief Software Architect
Omnytex Technologies
AIM: fzammetti
Yahoo: fzammetti
Java Web Parts -
Supplying the wheel, so you don't have to reinvent it!

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message