Hi Ruchith, thanks for your advice. I read about rampart (WSS4j) but didn't get in too deep. Using plain text password isn't suitable for my goals. As I said, this password could be directly accessed by other parties, who should definitely not use my service. I thought about using a combination of a password an the hashed URL of the Client as a password-mechanism. But this solution doesn't satisfy me either. Do you have any details for the password digest and the callback solution; it didn't get really clear to me.
Any further ideas and / or links are highly appreciated Thanks a lot Bille > -----Ursprüngliche Nachricht----- > Von: [email protected] > Gesendet: 02.06.06 09:55:47 > An: [email protected] > Betreff: Re: [axis2] design issues on client authentication > Hi Bille, > > How about using "rampart" module to enable UsernameToken > authentication on that particular service. This will force all your > clients to send requests with a UsernameToken. > > With this approach you can limit your configurations to the service > only. If you use a plain text password with the service then you can > carryout the authentication at the service impl itself. Or else if you > use the "PasswordDigest" mechanism you can handle handle multiple user > auth in the PasswordCallbackHandler that you specify in the > configuration. > > If you are interested in this option and if this you want more > clarifications , I can provide you a further explanations. > > Thanks, > Ruchith > > On 6/2/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > Hello to the list, > > > > I'm interested how you would deal such a scenario: > > I have a web service which is meant to run in an Intranet-Environment in > > our company. There will be different Intranet-Websites and other > > applications which will use the service. > > My aim is to limit the use of the service to special clients; say > > application A and D and WebSite X. How can I achieve this without using > > some hard coded keys which I register at the service. > > I'm against those keys because some code is accessable through a Content > > Management System, so it would be easy to "copy" the keys und use it in > > some "not registered" application. > > > > I hope I put it somehow clearly into words. Thanks in adavance for any > > hints and comments > > > > Bille > > _____________________________________________________________________ > > Der WEB.DE SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen! > > http://smartsurfer.web.de/?mc=100071&distributionid=000000000071 > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > ______________________________________________________________ Verschicken Sie romantische, coole und witzige Bilder per SMS! Jetzt bei WEB.DE FreeMail: http://f.web.de/?mc=021193 --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
