Hi, IMHO the scenario you mentioned is supported by WS-SecurityPolicy. And this policy will have to be published by the *service* with two alternatives. The alternatives are to authenticate using a username token _or_ to authenticate using the requester signature. Namely an sp:TransportBinding with a UsernameToken or an sp:AsymmetricBinding.
IFF the service's security policy specifies those options as shown below, the requester can decide to use either one of the authentication modes.

Thanks,
Ruchith

On 7/4/06, debest <[EMAIL PROTECTED]> wrote:
> I don't understand, then, whether the system that I want to develop is possible and, if not, what the problems you refer to are.
>
> For example: on the client side I decide that I want to present my credentials in usernameToken form (username-password); when the server receives the message, it will try to authenticate the client with the PWCallback class, comparing the pair (username-password) given by the client with the username-password pairs that the server took from its database. If there is a match, then the client will be authenticated.
>
> The client could want to present his digital certificate to be authenticated. When the server receives the message, it takes this certificate and compares it with the certificates it considers secure, which are saved in the keystore file. If the operation is successful, the client will be authenticated; otherwise not, and the web service will not be accessible to the client.
>
> But to do this I need the server to know the authentication action (WSHandlerConstants.action) so that it can handle the arrived message in the right way, and I think that this parameter could be sent from the client (which decides the way in which to be authenticated) to the server, so that the WSDOALLRECEIVER class can handle the message without modifying any code line of the class.
>
> Now you could ask why a user would want to present a certificate if only a username token is necessary, but the answer is that I could give more rights in the next authorization phase to a client that has been authenticated with his certificate (a stricter system).
>
> I hope I have been clear enough in my explanation.
> --
> View this message in context: http://www.nabble.com/wsdoallreceiver-tf1872359.html#a5158082
> Sent from the WSS4J forum at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
--
www.ruchith.org
