This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Websphere and the fly likes client authentication with WAS 5 Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Products » Websphere
Bookmark "client authentication with WAS 5 " Watch "client authentication with WAS 5 " New topic
Author

client authentication with WAS 5

Greg T Robertson
Ranch Hand

Joined: Nov 18, 2003
Posts: 91
I have an application developed under WAS 5. It contains a web service (axis based) and a servlet framework (similar to Struts) that also uses several JSPs.
I have a requirement to serve the Web Service using client authentication (obviously https). An additonal requirement is to serve the servlet and JSPs over https without client authentication. These both need to run in the same application server (for standards purposes). How does one do this?
It seems to me that if I turn on Client Side authentication for the server (and yes it seems to be set at the server level correct me if I'm wronger), I can no longer access my JSPs and servlets but I can get to the web service. Obviously if I set it to a lower standard than client authentication then the web service no longer uses client side authentication.
Any thoughts appreciated ...
Kyle Brown
author
Ranch Hand

Joined: Aug 10, 2001
Posts: 3892
    
    5
If the Web Services and the JSP's/Servlets are in different Web Projects then you won't have a problem. Authentication is turned on/off in WebSphere at the Web Project (WAR) level as according to the Servlet spec.
Kyle


Kyle Brown, Author of Persistence in the Enterprise and Enterprise Java Programming with IBM Websphere, 2nd Edition
See my homepage at http://www.kyle-brown.com/ for other WebSphere information.
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: client authentication with WAS 5
 
Similar Threads
Question about designing a web-service security mechanism used with desktop client
IBM HttpServer and websphere Appserver
Can you call a local WS without creating proxy classes?
Login Use Case and JAAS...
Web Service SSL Client