Hi there, Good news: I have authenticated webservice clients (in addition through HTTPS) with JBoss in production for several months. The integration of axis into jboss consists of some classes that propagate BASIC HTTP authentication information (username/password) to the EJB layer. You only have to secure your webservices via BASIC auth method and a security realm (axis has a web.xml and jboss-web.xml somewhere under deploy/jboss-net) and find a way in your client to set the HTTP BASIC authentication headers. If you find Basic auth too unsecure, use it through HTTPS.
Good luck, S. Pohl > -----Ursprüngliche Nachricht----- > Von: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Auftrag von JAYARAM, > Sujay, FM > Gesendet: Freitag, 7. Mai 2004 15:01 > An: '[EMAIL PROTECTED]' > Cc: BENVENUTTO, Simon, FM > Betreff: [JBoss-user] Security and C# clients > > > > Hi all, > > We are currently exposing session beans within JBoss as web > services (using > axis) to C# clients. We want to use the declarative syntax > provided by J2EE > within our beans' deployment descriptors and to use > JAAS/JBoss security > features - the problem is that there seems to be no standard > mechanism for a > C# client to provide it's credentials (that we know of) so > that any beans > with restricted role access can never be called (or rather > these calls will > return with security exception). > > Have other people solved this problem in any form? One thing > we have looked > at is writing an Interceptor which uses known > 'user'/'password' parameters > from the C# client and attempts to do a JAAS logon at a point > in the call > stack prior to the SecurityInterceptor, so as to assume the > roles required > by the bean we mean to call. However this still seems to fail :-( > > Any help with this would be appreciated. > > Thanks > Sujay > > > > ************************************************************** > ********************* > The Royal Bank of Scotland plc. Registered in Scotland No > 90312. Registered Office: 36 St Andrew Square, > Edinburgh EH2 2YB. > Authorised and regulated by the Financial Services Authority > > This e-mail message is confidential and for use by the > > addressee only. If the message is received by anyone other > > than the addressee, please return the message to the sender > by replying to it and then delete the message from your > > computer. Internet e-mails are not necessarily secure. The > > Royal Bank of Scotland plc does not accept responsibility for > > changes made to this message after it was sent. > > > > Whilst all reasonable care has been taken to avoid the > > transmission of viruses, it is the responsibility of the > recipient to > ensure that the onward transmission, opening or use of this > > message and any attachments will not adversely affect its > > systems or data. No responsibility is accepted by The Royal > > Bank of Scotland plc in this regard and the recipient should carry > out such virus and other checks as it considers appropriate. > > > Visit our > websites at: > > http://www.rbs.co.uk/CBFM > > http://www.rbsmarkets.com > > > > ************************************************************** > ****************** > > > > ------------------------------------------------------- > This SF.Net email is sponsored by Sleepycat Software > Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to > deliver higher performing products faster, at low TCO. > http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3 > _______________________________________________ > JBoss-user mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/jboss-user ------------------------------------------------------- This SF.Net email is sponsored by Sleepycat Software Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to deliver higher performing products faster, at low TCO. http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3 _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
