We have a .NET web services application which is using windows authentication. If the client is C# I am able to pass the current users credentials and the Web Services gets invoked. If it is a java client I am not sure how to pass the current users credentials.
If it is a Java Client, make sure you Java client artifacts include a Java implementation of WS-Security. WS-Security allows to represent "username/password" tokens in SOAP messages.
For a quick hello world example, I would suggest you to read the Java Web Services Tutorial for JWSDP 1.5 (Posted in java.sun.com). If you want to try out a Pattern check Chapter 11 (Web Services Security Patterns) and Chapter 7 (WS Security standards) both chapters discusses on how to implement Message-level security (including code examples) and strategies.
Perhaps I'm wrong, but I'm not sure this answers the question per se. I'm hitting against the same problem. I want to allow a Java client to access a .NET web service using Integrated Authentication. As far as I know, WS-Security does not address this. WS-Security Username tokens are:
a) passed plain text and non-encrypted by default b) require the web service to implement WS-Security spec
So, IF you re-write the web service to not use integrated authentication and instead accept annonymous or basic authentication and then implement the WS-Security spec, I could see that as working, BUT that's not using Windows Integrated Authorization.
Anyway, that's my question: How can a Java client access a web service that uses Windows Integrated Authentication (not basic, not WS-Security) if re-writing the web service is not an option.
If I'm wrong about any assumptions, I appologize in advance, I'm just going based on my understandings of these technologies.
I looked over that link, and it appears to just be yet another WS-Security example, which is NOT Windows Integrated Authentication, that is the question. How does one pass credentials that will work with Windows Integrated Authentication, NOT WSE.
Originally posted by Jim Hare: I looked over that link, and it appears to just be yet another WS-Security example, which is NOT Windows Integrated Authentication, that is the question. How does one pass credentials that will work with Windows Integrated Authentication, NOT WSE.
Yeah you are right. I am facing the same problem. I dont think it is possible to pass the credetials from the java client. We had to set the security level to anonymous to get things working.