Now I just realised that anybody who sees my WSDL can call the methods on my server.
How do I stop this? How do I authenticate users??
What's the easiest way? Could somebody show me a code example of the client side and server side code needed? My server is Apache Tomcat with Axis, and my client is a J2SE Swing app which calls methods on the stubs I generated from the WSDL.
I would really appreciate a dead simple example. I do not want to have to pass a user name and password as parameters with each method call!!
That didn't really help me. I'm hoping to hear something like add something to my web.xml on Tomcat, and then do something on the client code...
Every answer I come across explains the theory of authentication, but not how I do it!
My senior developer warned me against web services, saying there aren't any good docs and how-tos on using it. I hope he is not right!! He's gonna make me use CORBA if I fail to get this authentication working today!! HELP
Joined: Mar 22, 2005
The first link posted by BL was right on the mark. Amongst other things, it says that you can use HTTP Authentication. That involves your web.xml and conf/tomcat-users.xml on the server side (assuming you're using Tomcat, but other servlet containers work similarly), as well as setting properties in your javax.xml.rpc.Stub on the client, which looks something like:
    Stub stub = (Stub) ...; // wherever you get your Stub from
    stub._setProperty(Stub.USERNAME_PROPERTY, "username");
    stub._setProperty(Stub.PASSWORD_PROPERTY, "password");
No rocket science involved. This is not very strong security (password is transmitted unencrypted in the HTTP headers), but it's a start. Later, you can run your service over SSL for some additional security, or migrate to using the WS-Security standard.
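One way the server-side half of this could look, as an added example that is not part of the original posts. It assumes the default Axis servlet mapping `/services/*`, a made-up role name `wsuser`, and the placeholder credentials from the client snippet above.

```xml
<!-- File 1: WEB-INF/web.xml of the Axis webapp.
     Fragment; place inside <web-app>, after the servlet mappings. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Axis services</web-resource-name>
    <!-- Assumed default Axis mapping. This also covers
         /services/YourService?wsdl, so the WSDL itself needs a login. -->
    <url-pattern>/services/*</url-pattern>
    <!-- No <http-method> elements on purpose: listing methods here would
         leave every unlisted HTTP method unprotected. -->
  </web-resource-collection>
  <auth-constraint>
    <!-- "wsuser" is a role name chosen for this example -->
    <role-name>wsuser</role-name>
  </auth-constraint>
  <!-- Forces HTTPS so the Basic credentials are not sent in clear text.
       Needs an SSL connector in Tomcat; drop this element until one exists. -->
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Axis web services</realm-name>
</login-config>

<security-role>
  <role-name>wsuser</role-name>
</security-role>

<!-- File 2: conf/tomcat-users.xml.
     Placeholder credentials matching the client snippet; replace them. -->
<tomcat-users>
  <role rolename="wsuser"/>
  <user username="username" password="password" roles="wsuser"/>
</tomcat-users>
```

Restart Tomcat after editing both files; a call from a stub without the two `_setProperty` lines should then be rejected with HTTP 401.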
Now I'm using the servlet/Tomcat style security. How can I access that from inside my business logic Java bean web service?
Since I'm not in a servlet or JSP, how do I do something like: request.isUserInRole("Project Manager")? I don't have a request object to work with. Is there some way I can get a request object?
Joined: Mar 22, 2005
That's a FAQ. Check the page at the bottom of this post for an answer.
author and deputy
Joined: Jul 13, 2001
Originally posted by Ulf Dittmer: That's a FAQ. Check the page at the bottom of this post for an answer.
Nice one!! Ulf.
Joined: Dec 04, 2004
Thanks for your help. You really helped me a lot, much appreciated!!