security in webservice

 
Greenhorn
Posts: 9
Hi,
I am new to the webservice world. Please let me know how I can provide username and password with the web service call.
How does the container interpret it?
Also, does the WSDL contain any credential information? If it does, how is it set up?
Thanks,
Ram.
[ December 05, 2003: Message edited by: Simba Sriram ]
 
author
Posts: 11962

Please let me know how I can provide username and password with the web service call. How does the container interpret it?

Depends on the web service, I guess. How is the web service expecting the credentials? If WS-Security is used, you should probably check these resources:
http://www-106.ibm.com/developerworks/webservices/library/ws-secure/#minorhead4.1
http://xml.coverpages.org/ws-security.html
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwssecur/html/securitywhitepaper.asp

does the WSDL contain any credential information? If it does, how is it set up?

At least the WSDL specification doesn't mention anything about credentials.
 
Author
Posts: 41

Originally posted by Simba Sriram:
Hi,
How does the container interpret it?
Also, does the WSDL contain any credential information? If it does, how is it set up?
[ December 05, 2003: Message edited by: Simba Sriram ]


Lasse's right, take a look at WS-Security, there are also books available. If you want to look at lighter weight mechanisms, you may want to look at Google and Amazon web services. If I remember right, you would register for a key from Google, then pass it on each service call. This was relatively lightweight and NOT integrated with the containers or any shared context, but it may be worth looking at if you want something quick.
 
Lasse Koskela
author
Posts: 11962
This started bugging me so I went and looked. I thought it was some Axis-specific feature but it seems that JAX-RPC does support basic authentication.
 
Ranch Hand
Posts: 906

Originally posted by Lasse Koskela:
This started bugging me so I went and looked. I thought it was some Axis-specific feature but it seems that JAX-RPC does support basic authentication.


Yes, JAX-RPC does support Basic Authentication.
But what is puzzling me is how this fits with WS-Security?
Which model is the best to choose? Are they complementary? (I acknowledge I never read the WS-Security spec)
 
Lasse Koskela
author
Posts: 11962

But what is puzzling me is how this fits with WS-Security? Which model is the best to choose? Are they complementary?

Basic Authentication works only for certain transports (HTTP) while WS-Security is built into the SOAP envelope itself and thus is transport protocol agnostic. The former is more lightweight and easy to implement while the latter is more "industry strength". I don't think one would use them both, but I might be Ron, of course
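
The difference described above, shown at the wire level as an added example that is not part of the original thread: the same constructed credentials (`alice` / `s3cret`) carried once in an HTTP `Authorization` header and once in a WS-Security `UsernameToken` inside the SOAP header. The `urn:example:quotes` payload and all function names are hypothetical, the namespaces are those of OASIS WSS 1.0, and the relay step assumes an intermediary that forwards only the SOAP message.

```python
import base64
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
PW_TEXT = ("http://docs.oasis-open.org/wss/2004/01/"
           "oasis-200401-wss-username-token-profile-1.0#PasswordText")

def envelope(user=None, password=None):
    """Build a SOAP 1.1 envelope; add a wsse:UsernameToken when user is given."""
    env = ET.Element(f"{{{SOAP}}}Envelope")
    header = ET.SubElement(env, f"{{{SOAP}}}Header")
    if user is not None:
        sec = ET.SubElement(header, f"{{{WSSE}}}Security")
        tok = ET.SubElement(sec, f"{{{WSSE}}}UsernameToken")
        ET.SubElement(tok, f"{{{WSSE}}}Username").text = user
        ET.SubElement(tok, f"{{{WSSE}}}Password", Type=PW_TEXT).text = password
    body = ET.SubElement(env, f"{{{SOAP}}}Body")
    # Hypothetical operation, constructed for this example.
    ET.SubElement(body, "{urn:example:quotes}getQuote").text = "ACME"
    return ET.tostring(env)

def basic_auth_headers(user, password):
    """HTTP Basic: the credentials sit in a transport header, outside the SOAP message."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"Content-Type": "text/xml; charset=utf-8", "SOAPAction": '""',
            "Authorization": f"Basic {token}"}

def credentials_seen(http_headers, soap_bytes):
    """Return the username visible at each layer (None where that layer carries none)."""
    found = {"transport": None, "message": None}
    auth = (http_headers or {}).get("Authorization", "")
    if auth.startswith("Basic "):
        # Base64 is an encoding, not encryption: any reader of the header can decode it.
        found["transport"] = base64.b64decode(auth[6:]).decode().split(":", 1)[0]
    path = "/".join(f"{{{ns}}}{tag}" for ns, tag in [
        (SOAP, "Header"), (WSSE, "Security"), (WSSE, "UsernameToken"), (WSSE, "Username")])
    name = ET.fromstring(soap_bytes).find(path)
    if name is not None:
        found["message"] = name.text
    return found

def relay_without_http(soap_bytes):
    """Model a hop onto a non-HTTP transport: only the SOAP message is forwarded."""
    return None, soap_bytes
```

Both forms expose the password to anyone who can read the traffic (Base64 and `PasswordText` are not encryption), so either one needs TLS or message-level encryption underneath.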
 
JeanLouis Marechaux
Ranch Hand
Posts: 906

Originally posted by Lasse Koskela:
Basic Authentication works only for certain transports (HTTP) while WS-Security is built into the SOAP envelope itself and thus is transport protocol agnostic. The former is more lightweight and easy to implement while the latter is more "industry strength". I don't think one would use them both, but I might be Ron, of course


No, of course, Lasse, it's obvious (the HTTP thing I mean).
I should have thought twice before posting my question.
Sorry,
 