Hello!

We have an old web application that I have added some web services and a Java client to. The web application is deployed in JBoss+Tomcat as a single WAR. The WAR uses FORM-based authentication. The Java client posts the username and password to the authentication servlet and keeps the JSESSIONID. The JSESSIONID is appended to the Axis servlet URL. A bit ugly, but it works.

We are not able to send the password for every request to the Axis servlet as we are using RSA SecurID. The users have a token that has a number that changes every minute. So the password should only be verified at the start of the session.

Everything works now, but I would like to make the authentication a bit cleaner. It would be nice (less documentation to write) if we could use a standard way to authenticate. What is the best way to do session-based authentication for Axis in a WAR that already uses FORM-based authentication?

- Tore.
