This is my first client to a secure web service using axis2. Using
To create the appropriate soap envelope. My question is how do you define in your code which key/password to associate with which application? Confused since this is the first time dealing with web services. Thank you for your time.
Key and/or password data should be passed as SOAP Headers. This is how you extend SOAP. By creating SOAP headers which are handled by Handlers, either client-side or server-side.
In regards to "code", you write the "code" of the Handler classes and you write the "code" which creates, sends and receives the reply of the SOAP Envelope.
Handlers are configured for web services in the services deployment descriptor. How this is actually accomplished depends upon which SOAP Engine you are using. [ November 06, 2008: Message edited by: James Clark ]
The standard way to secure a web service is to use WS-Security. While it's possible to use that programmatically through API calls, all SOAP stacks I've seen also allow it to be configured outside of the code in config files. For Axis2, this is implemented by its Rampart module.