Have a look at the Java Cryptography Extension (JCE)
http://java.sun.com/j2se/1.4.1/docs/guide/security/jce/JCERefGuide.html
-----Original Message-----
From: Jon Blower [mailto:[EMAIL PROTECTED]]
Sent: 06 October 2003 14:33
To: [EMAIL PROTECTED]
Subject: Simple username-password security with Axis?
Dear Axis users,
I would like to add a very basic level of security to my Web Service. I
would like users to be authenticated by simply including a username and
password in the SOAP message when calling the Web Service.
What's the easiest way of encrypting the username/password so it can't be
decrypted if someone intercepts the SOAP message? I don't need a solution
with maximum security - the authentication is basically to keep track of
who's using the Web Service and to provide different levels of access to
different users. The Web Service in question involves significant server
load, so the security is just intended to prevent unauthenticated users
submitting requests that will hold up the server.
I have even considered sending the username/password unencrypted, but
ideally I would like a bit more security than this if it's not hard to
implement. Only the username/password part of the message would have to
be encrypted.
I've looked on the Web for appropriate toolkits/APIs but haven't been able
to track down an obvious solution.
Thanks in advance for any help or advice,
Jon
--
--------------------------------------------------------------
Dr Jon Blower Tel: +44 118 378 5213 (direct line)
Research Fellow Tel: +44 118 378 8741 (ESSC)
ESSC Fax: +44 118 378 6413
University of Reading Email: [EMAIL PROTECTED]
3 Earley Gate
Reading RG6 6AL, UK
--------------------------------------------------------------
________________________________________________________________________
This e-mail has been scanned for all viruses by Star Internet. The
service is powered by MessageLabs. For more information on a proactive
anti-virus service working around the clock, around the globe, visit:
http://www.star.net.uk
________________________________________________________________________
Note:This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. Jaguar Freight Services and any of its subsidiaries each reserve the right to monitor all e-mail communications through its networks.
Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorized to state them to be the views of any such entity.
________________________________________________________________________
This e-mail has been scanned for all viruses by Star Internet. The
service is powered by MessageLabs. For more information on a proactive
anti-virus service working around the clock, around the globe, visit:
http://www.star.net.uk
________________________________________________________________________
