Hi Tony,
If you wanted to use application level security, maybe try using
ws-security (encryption and signatures) using handlers in axis. You will
find quite a few links on
this in the axis mailing list.
You may have to design the authentication protocol and then implement this
using ws-security.
Hope this helps :)
Cheers
Sunny
***********************************************************
Sunil Iyengar,
Research Fellow, Networks Group,
Centre For Communication And Systems Research(CCSR),
School of Electronics, Computing & Mathematics,
University Of Surrey, Guildford GU2 7XH,
Surrey, England, United Kingdom.
Office: +44 (0)1483 686008
***********************************************************
On Thu, 4 Dec 2003, Tony Vieitez wrote:
> Hi
>
> I asked a question on this subject recently, but I don't think I asked
> it clearly enough, because the answers I got back, although helpful,
> didn't quite give me the answer I was after. Now I understand a bit more
> about authentication I can (hopefully) formulate my question a bit more
> clearly. In fact, I have a number of questions which revolve around the
> same subject:
>
> 1. I have implemented container level authentication, and have given the
> client application access to the web service by implementing in this
> client the following code:
>
> call.setUsername("myUsername");
> call.setPassword("myPassword");
>
> This works fine. But how do I implement application level security,
> instead of just relying on the web container to authenticate the calling
> client?
>
> 2. As stated above, I have implemented container level authentication
> for the whole of the axis web app, and now I want to use the Axis
> Servlet to administer the system, I have to provide a username and
> password but I get an unauthorised error. Here is what I did:
>
> At the command prompt I tried:
> java org.apache.axis.client.AdminClient -l
> http://myserver:8080/axis/servlet/AxisServlet list
>
> I also tried:
> java org.apache.axis.client.AdminClient -l
> http://myserver:8080/axis/servlet/AxisServlet -u myUsername -p
> myPassword list
>
> and I got this:
> Exception (401)Unauthorised
>
> As stated, this is container level security, which I would like to know
> how to implement. I would also like to know how to implement application
> level security, that is how to implement security that is part of axis
> and not just rely on the security features that comes with tomcat
>
> Any insight into any of these issues would be most gratefully received
>
> Tony
>
>
