Win a copy of The Java Performance Companion this week in the Performance forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Java client accessing .net WS

 
Pradeep bhatt
Ranch Hand
Posts: 8927
Firefox Browser Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all,

We have a .NET web services application which is using windows authentication. If the client is C# I am able to pass the current users credentials and the Web Services gets invoked. If it is a java client I am not sure how to pass the current users credentials.

Thanks
Pradip
 
Ramesh Nagappan
Author
Ranch Hand
Posts: 159
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Pradip,

If it is a Java Client, make sure you Java client artifacts include a Java implementation of WS-Security. WS-Security allows to represent "username/password" tokens in SOAP messages.

For a quick hello world example, I would suggest you to read the Java Web Services Tutorial for JWSDP 1.5 (Posted in java.sun.com). If you want to try out a Pattern check Chapter 11 (Web Services Security Patterns) and Chapter 7 (WS Security standards) both chapters discusses on how to implement Message-level security (including code examples) and strategies.

/Ramesh
 
Pradeep bhatt
Ranch Hand
Posts: 8927
Firefox Browser Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
WS-Security allows to represent "username/password" tokens in SOAP messages.

I am asuming that username/password will be passed in encrypted format.Is that right?
 
Ramesh Nagappan
Author
Ranch Hand
Posts: 159
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Pradip Bhat:

I am asuming that username/password will be passed in encrypted format.Is that right?



Ofcourse, you would choose to use XML encryption and XML Digital Sign for ensuring it integrity.

/R
 
Jim Hare
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Perhaps I'm wrong, but I'm not sure this answers the question per se. I'm hitting against the same problem. I want to allow a Java client to access a .NET web service using Integrated Authentication. As far as I know, WS-Security does not address this. WS-Security Username tokens are:

a) passed plain text and non-encrypted by default
b) require the web service to implement WS-Security spec

So, IF you re-write the web service to not use integrated authentication and instead accept annonymous or basic authentication and then implement the WS-Security spec, I could see that as working, BUT that's not using Windows Integrated Authorization.

Anyway, that's my question: How can a Java client access a web service that uses Windows Integrated Authentication (not basic, not WS-Security) if re-writing the web service is not an option.

If I'm wrong about any assumptions, I appologize in advance, I'm just going based on my understandings of these technologies.
 
Jim Hare
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I looked over that link, and it appears to just be yet another WS-Security example, which is NOT Windows Integrated Authentication, that is the question. How does one pass credentials that will work with Windows Integrated Authentication, NOT WSE.
 
Pradeep bhatt
Ranch Hand
Posts: 8927
Firefox Browser Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Jim Hare:
I looked over that link, and it appears to just be yet another WS-Security example, which is NOT Windows Integrated Authentication, that is the question. How does one pass credentials that will work with Windows Integrated Authentication, NOT WSE.


Yeah you are right. I am facing the same problem. I dont think it is possible to pass the credetials from the java client. We had to set the security level to anonymous to get things working.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic