RE: Authenication - username/pwd in request header

[Ephemeris Lappis]

I have not tested this feature, but i suppose it should work :   All my current works are based on the J2EE 1.4 web services features, and more precisely on the possibility to expose a stateless session bean as a web service endpoint. Authentication, if you use a BASIC HTTP scheme, or SSL mutual authentication in more complicated cases, only relies on the access layer, and is supposed to be handled by the application server (according to your web deployment descriptor), that also must propagate the security information to the underlying components. In case of EJB implementation, the "principal" can be directly get from the EJB context. In case of more complicated cases of propagation between different EJB layers or resources, once more, the application server just do it...   I have choosen to work around this kind of architecture precisely not to be dependent of the web service layer implementation. All is handled by the application server : web service binding, implementation component life-cycle, transaction constraint, security, etc. In my case, i use Jonas that also integrates Tomcat as its web container.   I have not looked how it could work if you just deploy your web service as a remote interface bound to a servlet...   Philippe Maseres -----Message d'origine----- De : Suzy Fynes [mailto:[EMAIL PROTECTED] Envoyé : jeudi 27 janvier 2005 17:54 À : [EMAIL PROTECTED] Objet : RE: Authenication - username/pwd in request header Thanks for that…   Can the SimpleAuthenticationHandler be used with a MySQL database instead of the user.lst in tomcat   -----Original Message----- From: Jay Glanville [mailto:[EMAIL PROTECTED] Sent: 27 January 2005 16:48 To: [EMAIL PROTECTED] Subject: RE: Authenication - username/pwd in request header   Yes.   On the client side, the stubs generated by WSDL2java contain setUsername and setPassword methods.  Your clients will need to use these methods.   On the server side, you'll need to write an authentication handler.  Look at SimpleAuthenticationHandler as an example.  Add the handler to your service's wsdd file.   Now, before any method in your service is called, your user will be authenticated by your handler.   Hope this helps.   JDG   From: Suzy Fynes [mailto:[EMAIL PROTECTED] Sent: Thursday, January 27, 2005 8:39 AM To: [EMAIL PROTECTED] Subject: Authenication - username/pwd in request header     Hey,   Does anyone know if its possible to send a username and password in a request header to an Axis webservice and have the service authenticated the username and password through a mysql database?   Thanks Suzy