Without getting into too much detail, this isn't difficult to do.

+) Put a handler in the requestFlow of your service.  For example,

<service ...>
  ...
  <requestFlow>
    <handler type="java:your.handler.class.here"/>
  </requestFlow>
</service>

+) Your handler class should extend BasicHandler and implement
invoke(MessageContext msgContext).

+) You can pick up the username/password from the message context.  If you are
using HTTP BASIC authentication, the protocol requestFlow handler
HTTPAuthHandler should have populated msgContext.getUsername() and
msgContext.getPassword().  If you're using some other method to pass
username/password, this step is left up to you to figure out... :-)

+) Use weblogic.servlet.security.ServletAuthentication.weak(username, password,
session) to authenticate.

This works for me on WL 6.1...
--Doug
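
The four steps above combined into one handler, as an added example that is not part of the original message or of the Axis or WebLogic code bases. The class name WeblogicAuthHandler is hypothetical, and taking the session from the servlet request that Axis's HTTP transport stores in the message context is an assumption the message does not spell out; the handler refuses the call when credentials are missing or rejected.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.apache.axis.AxisFault;
import org.apache.axis.MessageContext;
import org.apache.axis.handlers.BasicHandler;
import org.apache.axis.transport.http.HTTPConstants;

import weblogic.servlet.security.ServletAuthentication;

// Hypothetical class name; reference it from <handler type="java:..."/>
// inside the service's <requestFlow>.
public class WeblogicAuthHandler extends BasicHandler {

    public void invoke(MessageContext msgContext) throws AxisFault {
        // Populated by HTTPAuthHandler when the caller used HTTP BASIC.
        String username = msgContext.getUsername();
        String password = msgContext.getPassword();

        // Fail closed: without credentials the request must not reach
        // the service (and the EJB behind it) as an anonymous caller.
        if (username == null || username.length() == 0 || password == null) {
            throw new AxisFault("Credentials required");
        }

        // Assumption: the service is invoked through the Axis HTTP servlet,
        // which stores the HttpServletRequest under this property key.
        HttpServletRequest request = (HttpServletRequest)
                msgContext.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST);
        if (request == null) {
            throw new AxisFault("No HTTP request available for authentication");
        }
        HttpSession session = request.getSession(true);

        // Ask WebLogic to authenticate and bind the user to this session.
        int result = ServletAuthentication.weak(username, password, session);
        if (result != ServletAuthentication.AUTHENTICATED) {
            // Generic fault text: never echo the username or password back.
            throw new AxisFault("Authentication failed");
        }
    }
}
```

Because BASIC credentials travel base64-encoded rather than encrypted, the endpoint should only be reachable over HTTPS.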

-----Original Message-----
From: Wes Hinkle [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 25, 2002 11:44 AM
To: '[EMAIL PROTECTED]'
Subject: J2EE Container Manages Security


Has anyone had any experience integrating Axis services with WebLogic
container managed security?
I have a web service that is called from an applet in the context of a Web
application. The user is authenticated by the Web tier. The service calls an
EJB and must return data based on the caller principal. getCallerPrincipal()
always returns 'guest'.
- I've tried configuring the web service to pass the sessionId with the
request by calling setMaintainSession(true) on the Call object and
configuring the scope of the service to 'Session'
- I've also tried putting a security constraint in Web.xml allowing the role
everyone access to the url pattern services/* (this broke connectivity to
the service)

Any suggestions would be greatly appreciated.

Wes
