Register / Login
Win a copy of
Clojure in Action
this week in the
Web Service Access
Nuno Miguel Santos
posted 3 years ago
I've built an application that interacts with a web service, which in turns contacts a CMS Platform that is integrated with an AD server.
In turn, the web service uses the CMS api to upload/download files and various functionalities.
That's where I want to make sure only the right users (the one that are stored in the AD) use the web service.
If I fetch both the windows user with his domain in my code, and then send it to the web service, will that be enough?
for example: mydomain\nuno
I can't rely on certificates to identify the person because if the application will reside on hundreds of computers, hundreds of certificates would have to be created.
I agree. Here's the link:
Spring Web services
Select a certificate from a keystore for client authentication
Convert Object to Certificate
Integrate Single-Sign On on Java