aspose file tools*
The moose likes Web Services and the fly likes security in webservice Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Web Services
Bookmark "security in webservice" Watch "security in webservice" New topic
Author

security in webservice

Raji Sriram
Greenhorn

Joined: Dec 05, 2003
Posts: 9
Hi,
I am new to the webservice world. Please let me know how I can provide username and password with the web service call.
How does the container interpret it?
Alos, does the WSDL contain any credential information? If it does, how is it setup
Thanks,
Ram.
[ December 05, 2003: Message edited by: Simba Sriram ]
Lasse Koskela
author
Sheriff

Joined: Jan 23, 2002
Posts: 11962
    
    5
Please let me know how I can provide username and password with the web service call. How does the container interpret it?
Depends on the web service, I guess. How is the web service expecting the credentials? If WS-Security is used, you should probably check these resources:
http://www-106.ibm.com/developerworks/webservices/library/ws-secure/#minorhead4.1
http://xml.coverpages.org/ws-security.html
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwssecur/html/securitywhitepaper.asp
does the WSDL contain any credential information? If it does, how is it setup
At least the WSDL specification doesn't mention anything about credentials.


Author of Test Driven (2007) and Effective Unit Testing (2013) [Blog] [HowToAskQuestionsOnJavaRanch]
Paul Monday
Author
Ranch Hand

Joined: Aug 28, 2003
Posts: 41
Originally posted by Simba Sriram:
Hi,
How does the container interpret it?
Alos, does the WSDL contain any credential information? If it does, how is it setup
[ December 05, 2003: Message edited by: Simba Sriram ]

Lasse's right, take a look at WS-Security, there are also books available. If you want to look at lighter weight mechanisms, you may want to look at Google and Amazon web services. If I remember right, you would register for a key from Google, then pass it on each service call. This was relatively lightweight and NOT integrated with the containers or any shared context, but it may be worth looking at if you want something quick.


Paul B. Monday<br />Author, Web Service Patterns: Java Edition
Lasse Koskela
author
Sheriff

Joined: Jan 23, 2002
Posts: 11962
    
    5
This started bugging me so I went and looked. I thought it was some Axis specific feature but it seems that JAX-RPC does support basic authentication.
JeanLouis Marechaux
Ranch Hand

Joined: Nov 12, 2001
Posts: 906
Originally posted by Lasse Koskela:
This started bugging me so I went and looked. I thought it was some Axis specific feature but it seems that JAX-RPC does support basic authentication.

Yes, Jax-RPC does support Basic Authentication.
But what is puzzling me is how this fit with WS-Scurity ?
Which model is the best to choose ? Are they complementary ? (I acknowledge I never read the WS-Security spec)


/ JeanLouis<br /><i>"software development has been, is, and will remain fundamentally hard" (Grady Booch)</i><br /> <br />Take a look at <a href="http://www.epfwiki.net/wikis/openup/" target="_blank" rel="nofollow">Agile OpenUP</a> in the Eclipse community
Lasse Koskela
author
Sheriff

Joined: Jan 23, 2002
Posts: 11962
    
    5
But what is puzzling me is how this fit with WS-Scurity ? Which model is the best to choose ? Are they complementary ?
Basic Authentication works only for certain transports (HTTP) while WS-Security is built into the SOAP envelope itself and thus is transport protocol agnostic. The former is more lightweight and easy to implement while the latter is more "industry strength". I don't think one would use them both, but I might be Ron, of course
JeanLouis Marechaux
Ranch Hand

Joined: Nov 12, 2001
Posts: 906
Originally posted by Lasse Koskela:
Basic Authentication works only for certain transports (HTTP) while WS-Security is built into the SOAP envelope itself and thus is transport protocol agnostic. The former is more lightweight and easy to implement while the latter is more "industry strength". I don't think one would use them both, but I might be Ron, of course

No of course Lasse, it's obvious (the HTTP thing I mean).
I should have though twice before posting my question.
Sorry,
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: security in webservice