
axis2 conceptual architecture of secure webservice

denise Wu

Hi all,

I hope you can help with this.

I am working on an axis2 webservice that should include the following requirements:

1) a client will first log in to the webservice using a username/password
2) this username/password will be checked by the webservice by doing a search on a database
3) if the authentication is successful, a token is generated and sent to the client. Also, a session is created that will allow the client to call all other methods of the webservice with no other sending of the username/password but just with a token and a session id.

Theoretically, it's possible for my webservice to generate a token, and also possible to implement encryption between server and client to secure the exchange of messages, but using my own Java code, not using any dedicated library. However, I think it's too risky to implement those security steps myself, as I am sure they can be obtained by combining functionalities offered by the Rampart module, for example, in a standard, more reliable way.

My question is the following: can any of you tell me what functionalities offered by axis2, the Rampart module or any other standard library or module can be combined to implement the above scenario using those standard libraries?

I've been reading through WS-SecureExchange, WS-Trust, session management in Axis2 but it's still not clear to me how to build the architecture.
Any thoughts, ideas or links to similar sample applications?

Many thanks,

Ulf Dittmer
If I may point to my own stuff, I've written a few articles specifically about how to use WS-Security with Axis. They come complete with ready-to-run example code, and should get you going pretty quickly. The first article deals with Axis 1, so you should start with the second one, and only refer back to the first if something is unclear. Both explain username/password authentication. The third article is about encryption.

1) Web Services Security - Authentication

2) Web Services Authentication with Axis 2

3) Web Services Security - Encryption