Antoine Lefebvre wrote:
A simple way to provide authentication and encryption is to use HTTP-BASIC authentication over HTTPs-connection (SSL). I use Java-AXIS, but in it, you set the username / password values by:Hi all,
I use axis to provide services to a .net client. It works fine, but I've some question about security/authentication...
-How are the "username" and "password" members set in the MessageContext?
-Is it possible to use the NetworkCredential class in my .net client??
Or simply: What's the best way to provide a simple authentication
between .net client and axis?
Call call = (Call)service.createCall(); call.setTargetEndpointAddress(new URL(this.paateosoite)); call.setUsername(this.kayttajatunnus); call.setPassword(this.salasana);
At the server-side you can extract the username / password values from MessageContext with the following code:
MessageContext activeContext = MessageContext.getCurrentContext(); String username = activeContext.getUsername(); String password = activeContext.getPassword();
If you run your Axis-web service on Tomcat, it is also quite straight forward to configure the service. Just...
1. Generate SSL-keystore 2. Configure server.xml for SSL and to use the keystore. 3. Configure you web-app's web.xml to require BASIC-authentication
Some links: http://www.pankaj-k.net/WSOverSSL/WSOverSSL-HOWTO.html http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html
~ Ilari
