
axis2 conceptual architecture of secure webservice

denise Wu

Joined: Feb 18, 2011
Posts: 3

Hi all,

I hope you can help with this.

I am working on an axis2 webservice that should include the following requirements:

1) a client will first log in to the webservice using a username/password
2) this username/password will be checked by the webservice by doing a search on a database
3) if the authentication is successful, a token is generated and sent to the client. Also a session is created that will allow the client calling all other methods of the webservice with no other sending of the username/password but just with a token and a session id.

Theoretically, it's possible for my webservice to generate a token, and also possible to implement encryption between server and client to secure the exchange of messages but using my own java code, not using any dedicated library. However, I think it's too risky to implement those security steps myself as I am sure they can be obtained by combining functionalities offered by Rampart module for example in a standard more reliable way.

My question is the following, is there anyone of you who can tell me what are the functionalities offered by axis2, rampart module or any other standard library, module that can be combined to implement the above scenario using those standard libraries?

I've been reading through WS-SecureExchange, WS-Trust, session management in Axis2 but it's still not clear for me how to build the architecture.
Any thought, idea or link to sample similar applications?

Many thanks,

Ulf Dittmer

Joined: Mar 22, 2005
Posts: 42965
If I may point to my own stuff, I've written a few articles specifically about how to use WS-Security with Axis. They come complete with ready-to-run example code, and should get you going pretty quickly. The first article deals with Axis 1, so you should start with the second one, and only refer back to the first if something is unclear. Both explain username/password authentication. The third article is about encryption.

1) Web Services Security - Authentication

2) Web Services Authentication with Axis 2

3) Web Services Security - Encryption