Authentication

[Tony Vieitez]

Hi   I asked a question on this subject recently, but I don’t think I asked it clearly enough, because the answers I got back, although helpful, didn’t quite give me the answer I was after. Now I understand a bit more about authentication I can (hopefully) formulate my question a bit more clearly. In fact, I have a number of questions which revolve around the same subject:   1. I have implemented container level authentication, and have given the client application access to the web service by implementing in this client the following code:      call.setUsername("myUsername");      call.setPassword("myPassword");   This works fine. But how do I implement application level security, instead of just relying on the web container to authenticate the calling client?   2. As stated above, I have implemented container level authentication for the whole of the axis web app, and now I want to use the Axis Servlet to administer the system, I have to provide a username and password but I get an unauthorised error. Here is what I did:   At the command prompt I tried: java org.apache.axis.client.AdminClient –l http://myserver:8080/axis/servlet/AxisServlet list   I also tried: java org.apache.axis.client.AdminClient –l http://myserver:8080/axis/servlet/AxisServlet -u myUsername -p myPassword list   and I got this: Exception (401)Unauthorised   As stated, this is container level security, which I would like to know how to implement. I would also like to know how to implement application level security, that is how to implement security that is part of axis and not just rely on the security features that comes with tomcat   Any insight into any of these issues would be most gratefully received   Tony