This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes Security and the fly likes Web Service Access Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "Web Service Access" Watch "Web Service Access" New topic
Author

Web Service Access

Nuno Miguel Santos
Greenhorn

Joined: Nov 01, 2011
Posts: 10
Good afternoon,

I've built an application that interacts with a web service, which in turns contacts a CMS Platform that is integrated with an AD server.

In turn, the web service uses the CMS api to upload/download files and various functionalities.

That's where I want to make sure only the right users (the one that are stored in the AD) use the web service.

If I fetch both the windows user with his domain in my code, and then send it to the web service, will that be enough?

for example: mydomain\nuno

I can't rely on certificates to identify the person because if the application will reside on hundreds of computers, hundreds of certificates would have to be created.

Regards,
Nuno.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Web Service Access
 
Similar Threads
Select a certificate from a keystore for client authentication
Spring Web services
Convert Object to Certificate
Integrate Single-Sign On on Java
Axis2 Certificates