Hi ,
I'd greatly appreciate advice on the following.
In short: what do you do when a web-service requires clients to login (supplying user + password), *but* the server/web-app can't be configured to use basic web authentication ?
In short: what do you do when a web-service requires clients to login (supplying user + password), *but* the server/web-app can't be configured to use basic web authentication ?
We have an Axis web service, which requires login (namely, clients connecting to the web service must supply user + password ) .
Now, normally this should be handled by the servlet-container (configure "web.xml" to use "Basic Web Authentication", and put Security Constraints on the web-service URL ).
*Unfortunately*, we can't take this approach, since our web-application is already using *Form-Based* login (namely: the same web-application that contains our Axis servlet, also contains other modules - such as JSP pages - that rely on form-based login).
Any recommendations for this situation ? We are considering solutions, such as:
1) A filter to intercept requests to the web-service, and check for user credentials.
2) Passing user + password on applicative level, as additional method parameters (we use HTTPS, so passwords can be transmitted safely).
Those this make sense ? Or is there some feature build into Axis that could help ?
1) A filter to intercept requests to the web-service, and check for user credentials.
2) Passing user + password on applicative level, as additional method parameters (we use HTTPS, so passwords can be transmitted safely).
Those this make sense ? Or is there some feature build into Axis that could help ?
Thanks very much.
Do you Yahoo!?
Meet the all-new My Yahoo! – Try it today!
