Granny's Programming Pearls
"inside of every large program is a small program struggling to get out"
JavaRanch.com/granny.jsp
Win a copy of Functional Reactive Programming this week in the Other Languages forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Wss4J Security question on Username Token

 
partha naveen
Ranch Hand
Posts: 32
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I had a doubt on the following scenario.

There is a set of web services hosted on a Microsoft environment (acting as producers). The access to these web services is primarily based on a two step methodology

Step 1: Use Authentication service by sending relevant username, password details which returns a session token if the user is valid
Step 2. To use any other service the WSDL says that we need to send the session token along with user name by using Username Token security .

I am using WSS4j to enable this. While step 1 goes thru pretty well, I am caught with step 2. I am not sure what all to use for this, i.e do I have to resend the password again or only session token alone will do.

Has anyone encountered a similar situation before? Any help will be great!

Thanks

PK
 
Ulf Dittmer
Rancher
Posts: 42968
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
That depends on how you implement it. If you want to client to send username/password again, then set the other services up to require that. If sending the token is sufficient, then don't have them require username/password.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic