
axis2 conceptual architecture of secure webservice

 
denise Wu

Hi all,

I hope you can help with this.

I am working on an axis2 webservice that should include the following requirements:

1) a client will first log in to the webservice using a username/password
2) this username/password will be checked by the webservice by doing a search on a database
3) if the authentication is successful, a token is generated and sent to the client. Also, a session is created that will allow the client to call all other methods of the webservice without sending the username/password again, using just a token and a session id.

Theoretically, it's possible for my webservice to generate a token, and also possible to implement encryption between server and client to secure the exchange of messages, but using my own Java code, not using any dedicated library. However, I think it's too risky to implement those security steps myself, as I am sure they can be obtained by combining functionalities offered by the Rampart module, for example, in a standard, more reliable way.

My question is the following: can any of you tell me which functionalities offered by axis2, the Rampart module or any other standard library or module can be combined to implement the above scenario using those standard libraries?

I've been reading through WS-SecureExchange, WS-Trust, session management in Axis2 but it's still not clear to me how to build the architecture.
Any thought, idea or link to sample similar applications?

Many thanks,
Denise
 
Ulf Dittmer
If I may point to my own stuff, I've written a few articles specifically about how to use WS-Security with Axis. They come complete with ready-to-run example code, and should get you going pretty quickly. The first article deals with Axis 1, so you should start with the second one, and only refer back to the first if something is unclear. Both explain username/password authentication. The third article is about encryption.

1) Web Services Security - Authentication

2) Web Services Authentication with Axis 2

3) Web Services Security - Encryption
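
One way the pieces named in the question fit together, as an added example that is not from either poster or from the linked articles: Rampart's parameter-based configuration checks a UsernameToken on the server (steps 1 and 2 of the question), and the Axis2 service scope supplies the session. The service, class and user names are hypothetical, and using the parameter-based style rather than a WS-SecurityPolicy file is an assumption.

```xml
<!-- Server side: META-INF/services.xml (added example; all names are hypothetical) -->
<service name="AccountService" scope="transportsession">
  <!-- scope="transportsession" keeps one service instance per HTTP session,
       so state set at login is available to later calls from the same client -->
  <parameter name="ServiceClass">com.example.secure.AccountService</parameter>

  <!-- Engage Rampart so WS-Security headers are processed before the service runs -->
  <module ref="rampart"/>

  <parameter name="InflowSecurity">
    <action>
      <!-- Incoming messages must carry a wsse:UsernameToken -->
      <items>UsernameToken</items>
      <!-- Hypothetical javax.security.auth.callback.CallbackHandler that looks
           the user up in the database (step 2 of the question) -->
      <passwordCallbackClass>com.example.secure.DbPasswordCallback</passwordCallbackClass>
    </action>
  </parameter>
</service>

<!-- Client side: axis2.xml in the client's repository -->
<module ref="rampart"/>
<parameter name="OutflowSecurity">
  <action>
    <items>UsernameToken</items>
    <!-- Constructed sample user name -->
    <user>sampleuser</user>
    <!-- Hypothetical handler that supplies this user's password at send time -->
    <passwordCallbackClass>com.example.client.ClientPasswordCallback</passwordCallbackClass>
    <!-- PasswordText puts the password in clear inside the SOAP header,
         so the endpoint must only be reachable over HTTPS -->
    <passwordType>PasswordText</passwordType>
  </action>
</parameter>
```

As configured, the UsernameToken is verified on every request to the service; the client also has to call `Options.setManageSession(true)` for the transport session to be reused across calls.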
 