RE: Authenication - username/pwd in request header

[Jay Glanville]

I've found that it takes more work to configure the SimpleAuthenticationHandler (SAH) then it does to simply write a handler of your own.   In order to get SAH to not use user.lst, you need to write a SecurityProvider.  Not hard at all.  Unfortunately, the SAH looks for this security provider in the message context.  I've researched and asked (with no replies) how to set the SecurityProvider in the wsdd, without success.  Thus, you need to put the security provider in the message context before the SAH retrieves it.  The only way that I've been able to figure out how to do this is to create a chain of handlers, where the first link is one written by you, where you set the security provider into the message context, and then the second handler is the SAH.  Then you configure your service to use the chain instead of the individual handlers.   One of those situations where the configuring of the function takes more work then simply over-riding it.  One of those situations where the solution wasn't completely thought through.   JDG From: Suzy Fynes [mailto:[EMAIL PROTECTED] Sent: Thursday, January 27, 2005 11:54 AM To: [EMAIL PROTECTED] Subject: RE: Authenication - username/pwd in request header Thanks for that…   Can the SimpleAuthenticationHandler be used with a MySQL database instead of the user.lst in tomcat   -----Original Message----- From: Jay Glanville [mailto:[EMAIL PROTECTED] Sent: 27 January 2005 16:48 To: [EMAIL PROTECTED] Subject: RE: Authenication - username/pwd in request header   Yes.   On the client side, the stubs generated by WSDL2java contain setUsername and setPassword methods.  Your clients will need to use these methods.   On the server side, you'll need to write an authentication handler.  Look at SimpleAuthenticationHandler as an example.  Add the handler to your service's wsdd file.   Now, before any method in your service is called, your user will be authenticated by your handler.   Hope this helps.   JDG   From: Suzy Fynes [mailto:[EMAIL PROTECTED] Sent: Thursday, January 27, 2005 8:39 AM To: [EMAIL PROTECTED] Subject: Authenication - username/pwd in request header     Hey,   Does anyone know if its possible to send a username and password in a request header to an Axis webservice and have the service authenticated the username and password through a mysql database?   Thanks Suzy