I'm using Tomcat 6.0.29, jdk 1.6. I'm developing web services (with Jax-WS) and i would like to add authentication to those web service. The only thing I want to do is validate credentials when entering a web service method (without having to pass username/password parameter and validate them manually, every time). I'd like to know how to do it, I need to validate users against the database. I read a lot on the web on jaas, but it's unclear for me where to start, which framework to use, etc... can someone help me please??? From what I understood, credentials should be part of the soap envelop header, but again, I cant find tutorials or examples on how to do it within Tomcat.
I also read about roles (using RolesAllowed annotation), but again, I dont find how to link those roles with the database I configured in the config.xml file (in a resource element). My needs are really specific to implementation in Tomcat, could someone help me on which framework I should use and where I can find tutorials or examples for integration in Tomcat.