Win a copy of Java EE 8 High Performance this week in the Java/Jakarta EE forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Web service Authorization  RSS feed

Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am using java first appraoch to expose java interfaces as web service using Apache CXF JAX-WS implementation.

interface MyInterface {

public void method1();

public void method2();

public void method3();

I have exposed all these methods in a single wsdl. Now here are my requirements
1)Autheticate all the clients which use this webservice(i need to talk to ldap)
2)Authorization- since i have exposed all methods in single wsdl, the clients may invoke other methods which are not meant to be invoked.
For Example Client1 should invoke only method1, client2 --> method2 and so on.

I am stuck in point 2. I have a solution where in we can write Apache CXF interceptors which will first authenticate the clients using ldap. I can have a mapping of client and methods it can invoke. If the client invokes a method which is not in the map, i will throw an error. Are there any ways of handling this scenario ? Can i push this mapping to ldap ? I will pass the operation name and the user credential to ldap, it should authenticate and authorize the clients . And yes i want to give the same wsdl to all clients which will have all the operations. I am not sure if WS-policy can come to my rescue.

Thanks in advance!!
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!