You'll have to get some real developers to answer on that, but the only support I've seen is for basic auth. That's not the fault of Axis - the last I checked WS-Security was far from done and in general security for web services has not been finalized. You can of course build security at the web service level but you will probably need to be sure to do it over SSL so it is secure.

Aaron

Tony Vieitez wrote:

Thanks for the help Aaron. Would it be correct to say that the only form
of supported security for web applications that is part of the axis
implementation is for servlet container security of the type that I have
described in my original message?

-----Original Message-----
From: Aaron Hamid [mailto:[EMAIL PROTECTED]
Sent: 04 December 2003 13:20
To: [EMAIL PROTECTED]
Subject: Re: Authentication - Could anyone help me plzzzzzzz


I can't answer why the admin app would be failing. But if you want application-level security you are basically on your own. You can try to use the ws-security package, or simply build client and server handlers which know how to generate and decode your form of authentication (in my case, I have a client and server handler that generate and decode a modified form of a Kerberos ticket). Once you do that, either populate the AuthenticatedUser Axis object, or override the HttpServletRequest (if you are running in a servlet container) with a HttpServletRequestWrapper that provides the decoded remote user through getRemoteUser().

Aaron

Tony Vieitez wrote:



OK, so if you have a container managed username and password protected web service, and the client classes are generated from the wsdl, if the person implementing the client code knows the username and password, what would be the code for implementing access to the web service?

Also, if anyone knows any articles on axis authentication/security, I would appreciate info on this

Thanks

Tony



-----Original Message-----
*From:* Harald Pollak [mailto:[EMAIL PROTECTED]
*Sent:* 04 December 2003 12:59
*To:* [EMAIL PROTECTED]
*Subject:* Re: Authentication - Could anyone help me plzzzzzzz



as I have understood:

The handler is a thing before the WS ( not part of it ) and the WSDL describes the WS - so elements only used in handler shouldn't and couldn't be described in Webservice, so you can only tell your opposite what to do in document the webservice in hardware ways ( email, letters, tell him ... ).

best regards
Harry

On Thu, 04.12.2003, Yogesh Pant wrote at 13:49:

Hello ppl,
I have got a custom authentication handler. It authenticates the incoming message very well.

My problem is that the generated wsdl has no mention of header elements at all. HOW DO I ACHIEVE THIS?

Do I need to configure the deployment descriptor a little bit more?

Please help.

Thanks in advance.

regards,
- yogesh






*Sunil Iyengar <[EMAIL PROTECTED]>* wrote:

Hi Tony,
If you wanted to use application level security, maybe try using ws-security (encryption and signatures) using handlers in axis. You will find quite a few links on this in the axis mailing list.
You may have to design the authentication protocol and then implement this using ws-security.
Hope this helps :)

Cheers
Sunny

***********************************************************
Sunil Iyengar,
Research Fellow, Networks Group,
Centre For Communication And Systems Research(CCSR),
School of Electronics, Computing & Mathematics,
University Of Surrey, Guildford GU2 7XH,
Surrey, England, United Kingdom.
Office: +44 (0)1483 686008
***********************************************************

On Thu, 4 Dec 2003, Tony Vieitez wrote:


Hi

I asked a question on this subject recently, but I don't think I asked it clearly enough, because the answers I got back, although helpful, didn't quite give me the answer I was after. Now I understand a bit more about authentication I can (hopefully) formulate my question a bit more clearly. In fact, I have a number of questions which revolve around the same subject:

1. I have implemented container level authentication, and have given the client application access to the web service by implementing in this client the following code:

call.setUsername("myUsername");
call.setPassword("myPassword");

This works fine. But how do I implement application level security, instead of just relying on the web container to authenticate the calling client?

2. As stated above, I have implemented container level authentication for the whole of the axis web app, and now I want to use the Axis Servlet to administer the system, I have to provide a username and password but I get an unauthorised error. Here is what I did:

At the command prompt I tried:
java org.apache.axis.client.AdminClient -l http://myserver:8080/axis/servlet/AxisServlet list

I also tried:
java org.apache.axis.client.AdminClient -l http://myserver:8080/axis/servlet/AxisServlet -u myUsername -p myPassword list

and I got this:
Exception (401)Unauthorised

As stated, this is container level security, which I would like to know how to implement. I would also like to know how to implement application level security, that is how to implement security that is part of axis and not just rely on the security features that come with tomcat

Any insight into any of these issues would be most gratefully received

Tony

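The server-side approach described in the thread above (decode your own credential, then expose the user through an HttpServletRequestWrapper's getRemoteUser(), and only over SSL), as an added example that is not code from any poster or from Axis. It swaps the Kerberos ticket mentioned in the thread for a simple HMAC-signed token; the class name, the `X-Auth-Token` header, the `hmacKey` init-param and the token format are all assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical filter placed in front of the web service servlet.
public class TokenAuthFilter implements Filter {
    private static final String HEADER = "X-Auth-Token"; // assumed header name
    private byte[] key;

    public void init(FilterConfig cfg) throws ServletException {
        String k = cfg.getInitParameter("hmacKey");       // assumed init-param
        if (k == null) throw new ServletException("hmacKey init-param missing");
        key = k.getBytes(StandardCharsets.UTF_8);
    }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws java.io.IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        // A token sent without TLS can be replayed by anyone on the path: reject it.
        final String user = req.isSecure() ? verify(req.getHeader(HEADER)) : null;
        if (user == null) { res.sendError(HttpServletResponse.SC_UNAUTHORIZED); return; }
        chain.doFilter(new HttpServletRequestWrapper(req) {
            @Override public String getRemoteUser() { return user; }
        }, res);
    }

    // Assumed token format: user|expiryMillis|base64url(HMAC-SHA256("user|expiryMillis"))
    String verify(String token) {
        String[] p = token == null ? new String[0] : token.split("\\|", -1);
        if (p.length != 3 || p[0].isEmpty()) return null;
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(key, "HmacSHA256"));
            byte[] want = mac.doFinal((p[0] + "|" + p[1]).getBytes(StandardCharsets.UTF_8));
            byte[] got = Base64.getUrlDecoder().decode(p[2]);
            if (!MessageDigest.isEqual(want, got)) return null;   // constant-time compare
            if (Long.parseLong(p[1]) < System.currentTimeMillis()) return null; // expired
            return p[0];
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return null; // malformed base64 or expiry: treat as unauthenticated
        }
    }

    public void destroy() { }
}
```

The signature is checked before the expiry is parsed, so unauthenticated input never reaches the number parser, and every failure path returns the same 401.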