Win a copy of Murach's Python Programming this week in the Jython/Python forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Web service Authorization  RSS feed

 
Mandar Joshi
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am using java first appraoch to expose java interfaces as web service using Apache CXF JAX-WS implementation.

@WebService
interface MyInterface {

public void method1();

public void method2();

public void method3();
}

I have exposed all these methods in a single wsdl. Now here are my requirements
1)Autheticate all the clients which use this webservice(i need to talk to ldap)
2)Authorization- since i have exposed all methods in single wsdl, the clients may invoke other methods which are not meant to be invoked.
For Example Client1 should invoke only method1, client2 --> method2 and so on.

I am stuck in point 2. I have a solution where in we can write Apache CXF interceptors which will first authenticate the clients using ldap. I can have a mapping of client and methods it can invoke. If the client invokes a method which is not in the map, i will throw an error. Are there any ways of handling this scenario ? Can i push this mapping to ldap ? I will pass the operation name and the user credential to ldap, it should authenticate and authorize the clients . And yes i want to give the same wsdl to all clients which will have all the operations. I am not sure if WS-policy can come to my rescue.

Thanks in advance!!
 
Consider Paul's rocket mass heater.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!