File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Security and the fly likes Web Service Access Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "Web Service Access" Watch "Web Service Access" New topic
Author

Web Service Access

Nuno Miguel Santos
Greenhorn

Joined: Nov 01, 2011
Posts: 10
Good afternoon,

I've built an application that interacts with a web service, which in turns contacts a CMS Platform that is integrated with an AD server.

In turn, the web service uses the CMS api to upload/download files and various functionalities.

That's where I want to make sure only the right users (the one that are stored in the AD) use the web service.

If I fetch both the windows user with his domain in my code, and then send it to the web service, will that be enough?

for example: mydomain\nuno

I can't rely on certificates to identify the person because if the application will reside on hundreds of computers, hundreds of certificates would have to be created.

Regards,
Nuno.
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Web Service Access