
web service security with Axis

 
Sol Mayer-Orn
Ranch Hand
Posts: 311
Hi,

I'd greatly appreciate advice on the following.
In short: what do you do when a web service requires clients to log in (supplying user + password), *but* the server/web-app can't be configured to use basic web authentication?

We have an Axis web service, which requires login (namely, clients connecting to the web service must supply user + password).

Now, normally this should be handled by the servlet container (configure "web.xml" to use "Basic Web Authentication", and put Security Constraints on the web-service URL).

*Unfortunately*, we can't take this approach, since our web application is already using *Form-Based* login (namely: the same web application that contains our Axis servlet also contains other modules - such as JSP pages - that rely on form-based login).

Any recommendations for this situation? We are considering solutions, such as:
1) A filter to intercept requests to the web-service, and check for user credentials.
2) Passing user + password on applicative level, as additional method parameters (we use HTTPS, so passwords can be transmitted safely).
3)
Does this make sense? Or is there some feature built into Axis that could help?

Thanks a lot.
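
A sketch of option 1 from the post above, added here as an illustration (it is not code from the thread or from Axis): a servlet filter that enforces HTTP Basic credentials on the web-service URL only. The class name `WsBasicAuthFilter` and the init-params `wsUser` / `wsPassword` are hypothetical placeholders standing in for a lookup against the application's real user store; `java.util.Base64` assumes Java 8 or later.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter: map it in web.xml to the Axis servlet's URL pattern only.
public class WsBasicAuthFilter implements Filter {
    private byte[] expectedUser;   // placeholder credential source (assumption):
    private byte[] expectedPass;   // replace with a lookup in the real user store

    @Override
    public void init(FilterConfig cfg) throws ServletException {
        String u = cfg.getInitParameter("wsUser");
        String p = cfg.getInitParameter("wsPassword");
        if (u == null || p == null) throw new ServletException("wsUser/wsPassword not configured");
        expectedUser = u.getBytes(StandardCharsets.UTF_8);
        expectedPass = p.getBytes(StandardCharsets.UTF_8);
    }

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        if (!req.isSecure()) {                        // Basic auth is only base64: refuse plain HTTP
            res.sendError(HttpServletResponse.SC_FORBIDDEN, "HTTPS required");
            return;
        }
        if (!authenticated(req.getHeader("Authorization"))) {
            res.setHeader("WWW-Authenticate", "Basic realm=\"web-service\"");
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;                                   // the request never reaches the Axis servlet
        }
        chain.doFilter(rq, rs);
    }

    boolean authenticated(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) return false;
        byte[] decoded;
        try {
            decoded = Base64.getDecoder().decode(header.substring(6).trim());
        } catch (IllegalArgumentException malformed) {
            return false;                             // not valid base64
        }
        String pair = new String(decoded, StandardCharsets.UTF_8);
        int colon = pair.indexOf(':');                // user:password, split at the first colon
        if (colon < 0) return false;
        byte[] user = pair.substring(0, colon).getBytes(StandardCharsets.UTF_8);
        byte[] pass = pair.substring(colon + 1).getBytes(StandardCharsets.UTF_8);
        // Compare both parts without short-circuiting between them.
        return MessageDigest.isEqual(user, expectedUser) & MessageDigest.isEqual(pass, expectedPass);
    }

    @Override
    public void destroy() { }
}
```

Container security constraints are evaluated before filters run, so the web-service URL has to sit outside the form-login `security-constraint`; otherwise SOAP clients are redirected to the login page before this filter sees the request.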
 
Rr Kumaran
Ranch Hand
Posts: 548
Please take a look at the WS Token specification and its implementation using various WS Security spec implementation frameworks like Apache WSS4J, IBM XSS, VeriSign TSIK. Again, you have choices here ...
 
Sol Mayer-Orn
Ranch Hand
Posts: 311
Thanks very much. I was not aware of this.
 