Win a copy of Programmer's Guide to Java SE 8 Oracle Certified Associate (OCA) this week in the OCAJP forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

security in webservice

 
Raji Sriram
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
I am new to the webservice world. Please let me know how I can provide username and password with the web service call.
How does the container interpret it?
Alos, does the WSDL contain any credential information? If it does, how is it setup
Thanks,
Ram.
[ December 05, 2003: Message edited by: Simba Sriram ]
 
Lasse Koskela
author
Sheriff
Posts: 11962
5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Please let me know how I can provide username and password with the web service call. How does the container interpret it?
Depends on the web service, I guess. How is the web service expecting the credentials? If WS-Security is used, you should probably check these resources:
http://www-106.ibm.com/developerworks/webservices/library/ws-secure/#minorhead4.1
http://xml.coverpages.org/ws-security.html
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwssecur/html/securitywhitepaper.asp
does the WSDL contain any credential information? If it does, how is it setup
At least the WSDL specification doesn't mention anything about credentials.
 
Paul Monday
Author
Ranch Hand
Posts: 41
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Simba Sriram:
Hi,
How does the container interpret it?
Alos, does the WSDL contain any credential information? If it does, how is it setup
[ December 05, 2003: Message edited by: Simba Sriram ]

Lasse's right, take a look at WS-Security, there are also books available. If you want to look at lighter weight mechanisms, you may want to look at Google and Amazon web services. If I remember right, you would register for a key from Google, then pass it on each service call. This was relatively lightweight and NOT integrated with the containers or any shared context, but it may be worth looking at if you want something quick.
 
Lasse Koskela
author
Sheriff
Posts: 11962
5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
This started bugging me so I went and looked. I thought it was some Axis specific feature but it seems that JAX-RPC does support basic authentication.
 
JeanLouis Marechaux
Ranch Hand
Posts: 906
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Lasse Koskela:
This started bugging me so I went and looked. I thought it was some Axis specific feature but it seems that JAX-RPC does support basic authentication.

Yes, Jax-RPC does support Basic Authentication.
But what is puzzling me is how this fit with WS-Scurity ?
Which model is the best to choose ? Are they complementary ? (I acknowledge I never read the WS-Security spec)
 
Lasse Koskela
author
Sheriff
Posts: 11962
5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
But what is puzzling me is how this fit with WS-Scurity ? Which model is the best to choose ? Are they complementary ?
Basic Authentication works only for certain transports (HTTP) while WS-Security is built into the SOAP envelope itself and thus is transport protocol agnostic. The former is more lightweight and easy to implement while the latter is more "industry strength". I don't think one would use them both, but I might be Ron, of course
 
JeanLouis Marechaux
Ranch Hand
Posts: 906
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Lasse Koskela:
Basic Authentication works only for certain transports (HTTP) while WS-Security is built into the SOAP envelope itself and thus is transport protocol agnostic. The former is more lightweight and easy to implement while the latter is more "industry strength". I don't think one would use them both, but I might be Ron, of course

No of course Lasse, it's obvious (the HTTP thing I mean).
I should have though twice before posting my question.
Sorry,
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic