We have a .NET web services application which is using windows authentication. If the client is C# I am able to pass the current users credentials and the Web Services gets invoked. If it is a java client I am not sure how to pass the current users credentials.
If it is a Java Client, make sure you Java client artifacts include a Java implementation of WS-Security. WS-Security allows to represent "username/password" tokens in SOAP messages.
For a quick hello world example, I would suggest you to read the Java Web Services Tutorial for JWSDP 1.5 (Posted in java.sun.com). If you want to try out a Pattern check Chapter 11 (Web Services Security Patterns) and Chapter 7 (WS Security standards) both chapters discusses on how to implement Message-level security (including code examples) and strategies.
a) passed plain text and non-encrypted by default
b) require the web service to implement WS-Security spec
So, IF you re-write the web service to not use integrated authentication and instead accept annonymous or basic authentication and then implement the WS-Security spec, I could see that as working, BUT that's not using Windows Integrated Authorization.
Anyway, that's my question: How can a Java client access a web service that uses Windows Integrated Authentication (not basic, not WS-Security) if re-writing the web service is not an option.
If I'm wrong about any assumptions, I appologize in advance, I'm just going based on my understandings of these technologies.
Originally posted by Jim Hare:
I looked over that link, and it appears to just be yet another WS-Security example, which is NOT Windows Integrated Authentication, that is the question. How does one pass credentials that will work with Windows Integrated Authentication, NOT WSE.
Yeah you are right. I am facing the same problem. I dont think it is possible to pass the credetials from the java client. We had to set the security level to anonymous to get things working.