Win a copy of Practical SVG this week in the HTML/CSS/JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Secure Web Service Methods and Performance Concern

 
Ricky Murphy
Ranch Hand
Posts: 31
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am developing a set of web services methods for some admin users. now I need to add in some authentication and authorization to secure those methods. Now I have some performance concerns. Say when an admin is using the UI, every time this admin does a submit to a service method, the admin needs to pass through the authentication and authorization process. This seems to be chatty. I understand that web service should be designed to be stateless, but in order to reduce the times of the auth calls, shall I use session for this purpose? that means: when the same user tries to use those secured methods in the same session. He or she only needs to go thru auth once. What is the usual practice on this issue? I am using Axis 1.4 by the way with jdk 1.5.

Thank you.

Rick
[ June 21, 2008: Message edited by: Ricky Murphy ]
 
Ulf Dittmer
Rancher
Posts: 42970
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Are you certain that you need to optimize this? By that I mean whether you have timed the execution of the WS including security, and found that they take too long for the user to endure?

I'm asking because, yes, there's an overhead, but I'd want to be sure that it matters before doing anything about it.

the admin needs to pass through the authentication and authorization process. This seems to be chatty.

I'm not sure what you mean by this. The credentials entered by the human being can be remembered by the client app, so the person doesn't need to go through it more than once. What is "chatty" about that? WS-Security info is tacked onto the SOAP call, so it's not like there are additional WS calls to be made.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!