Hi Tony, If you wanted to use application level security, maybe try using ws-security (encryption and signatures) using handlers in axis. You will find quite a few links on this in the axis mailing list. You may have to design the authentication protocol and then implement this using ws-security. Hope this helps :)
Cheers Sunny *********************************************************** Sunil Iyengar, Research Fellow, Networks Group, Centre For Communication And Systems Research(CCSR), School of Electronics, Computing & Mathematics, University Of Surrey, Guildford GU2 7XH, Surrey, England, United Kingdom. Office: +44 (0)1483 686008 *********************************************************** On Thu, 4 Dec 2003, Tony Vieitez wrote: > Hi > > I asked a question on this subject recently, but I don't think I asked > it clearly enough, because the answers I got back, although helpful, > didn't quite give me the answer I was after. Now I understand a bit more > about authentication I can (hopefully) formulate my question a bit more > clearly. In fact, I have a number of questions which revolve around the > same subject: > > 1. I have implemented container level authentication, and have given the > client application access to the web service by implementing in this > client the following code: > > call.setUsername("myUsername"); > call.setPassword("myPassword"); > > This works fine. But how do I implement application level security, > instead of just relying on the web container to authenticate the calling > client? > > 2. As stated above, I have implemented container level authentication > for the whole of the axis web app, and now I want to use the Axis > Servlet to administer the system, I have to provide a username and > password but I get an unauthorised error. Here is what I did: > > At the command prompt I tried: > java org.apache.axis.client.AdminClient -l > http://myserver:8080/axis/servlet/AxisServlet list > > I also tried: > java org.apache.axis.client.AdminClient -l > http://myserver:8080/axis/servlet/AxisServlet -u myUsername -p > myPassword list > > and I got this: > Exception (401)Unauthorised > > As stated, this is container level security, which I would like to know > how to implement. I would also like to know how to implement application > level security, that is how to implement security that is part of axis > and not just rely on the security features that comes with tomcat > > Any insight into any of these issues would be most gratefully received > > Tony > >