The access control and username/passwd details are maintained in perms.lst and users.lst located in axis\WEB-INF folder. Typical entries in perms.lst are as follows: user1 WebserviceName1 user2 WebserviceName2
The users.lst would contain entries something like this user1 password1 user2 password2 The wsdd file then needs to have a couple of entries added to it, which is including handlers for authentication and authorization. Which is as follows <deployment xmlns="http://xml.apache.org/axis/wsdd/"; xmlns:java="http://xml.apache.org/axis/wsdd/providers/java"; xmlns:xsi="http://www/w3.org/2000/10/XMLSchema-instance";> <service name="WebserviceName1" provider="java:RPC"> <parameter name="className" value="HelloWebservice"/> <parameter name="allowedMethods" value="getHello"/> <parameter name="allowedRoles" value="user1"/> <requestFlow name="authorizationFlow"> <handler type="java:org.apache.axis.handlers.SimpleAuthenticationHandler"/> <handler type="java:org.apache.axis.handlers.SimpleAuthorizationHandler"/> </requestFlow> </service> </deployment> While in the client we got to set the username and password by calling the setter method of the Call object. which can be done with call.setUsername(username); call.setPassword(password); I hope this solves.. Regards Vinay On Thu, 18 Nov 2004 14:58:36 -0500, Sharam Fouladgar-Mercer <[EMAIL PROTECTED]> wrote: > > > > Hi, > > > > As an Axis newbie, I am trying to figure out how to authorize users who > should be accessing a certain method of my Web Service. Are there any > standards out there that I should follow? Other than using the components of > WS-Security (which are too new for my liking), I can only think of passing > the username and password as parameters in the method, but that is not a > standard either I believe (I would be using SSL over HTTP so it would be > secure). > > Any ideas? > > > > Thanks, > > Sharam
