File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Web Services and the fly likes WS-Security and multiple client capability Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Java » Web Services
Bookmark "WS-Security and multiple client capability" Watch "WS-Security and multiple client capability" New topic
Author

WS-Security and multiple client capability

Michael Ernst
Greenhorn

Joined: Jul 03, 2005
Posts: 23
Hi,

I want to use WS-Security in my Web-Service for authentication. It should only be possible to access the service if a username and a client id is given. The username will be given as an authentication token but how to handle the client id. Whats the common practice to handle this? Is it the right and common way to create a second token because both identifiers are equally important?

Regards
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41073
    
  43
WS-Security only handles username and password. You don't mention passwords - do you have them? If not, you could use the password field to pass along the ID and then use that to perform whatever validation needs performing on the server.

But you probably need the ID in the actual service call as well, in order to customize the results of the call ... ? In that case it should be part of the service method's signature(s).

Or do you mean "token" in the WS-Security sense of the word, like an X509 token?


Ping & DNS - my free Android networking tools app
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
 
subject: WS-Security and multiple client capability
 
Similar Threads
SAAJ and Ws security
Web service authentication in Tomcat
Help regarding web service security
digest authentication on client side implementation.
SCJWSD Beta Exam