Hi Bille, How about using "rampart" module to enable UsernameToken authentication on that particular service. This will force all your clients to send requests with a UsernameToken.
With this approach you can limit your configurations to the service only. If you use a plain text password with the service then you can carryout the authentication at the service impl itself. Or else if you use the "PasswordDigest" mechanism you can handle handle multiple user auth in the PasswordCallbackHandler that you specify in the configuration. If you are interested in this option and if this you want more clarifications , I can provide you a further explanations. Thanks, Ruchith On 6/2/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
Hello to the list, I'm interested how you would deal such a scenario: I have a web service which is meant to run in an Intranet-Environment in our company. There will be different Intranet-Websites and other applications which will use the service. My aim is to limit the use of the service to special clients; say application A and D and WebSite X. How can I achieve this without using some hard coded keys which I register at the service. I'm against those keys because some code is accessable through a Content Management System, so it would be easy to "copy" the keys und use it in some "not registered" application. I hope I put it somehow clearly into words. Thanks in adavance for any hints and comments Bille _____________________________________________________________________ Der WEB.DE SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen! http://smartsurfer.web.de/?mc=100071&distributionid=000000000071 --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]