Hi all! I'm trying to secure my WS with JAAS. The problem is that my WS is accessed both by java and non-java clients. Java clients are succesfully authenticated with JAAS, but I don't know the simple way to tell my non-java client to authenticate with JAAS. First, the only one thing is needed(as I think) is to include into the SOAP-message header like this one: | <soapenv:Header> | <jbws:username actor="http://webservice.jboss.com/ws4ee/login" xmlns:jbws="http://webservice.jboss.com/ws4ee">scott</jbws:username> | <jbws:password actor="http://webservice.jboss.com/ws4ee/login" xmlns:jbws="http://webservice.jboss.com/ws4ee">tiger</jbws:password> | </soapenv:Header> | As I understand this header is implicitly included into client's SOAP message wich was sent to WS. But there is the explicit way to tell all clients to include such header into message - add lines like this(bold) in WSDL file of my WS:
| ... | <wsdl:operation name="helloName"> | <wsdlsoap:operation soapAction=""/> | <wsdl:input name="helloNameRequest"> | <wsdlsoap:header message="lalala" | part="request_header_lalala" use="literal"/> | <wsdlsoap:body namespace="http://interfaces.zenith.ru" use="literal"/> | </wsdl:input> | ... | Is my "manually" constructed auth header enough to put server-side JAAS auth to work with non-java clients or not?(maybe it sounds stupid but... I hope yes :)) View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3869670#3869670 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3869670 ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ JBoss-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jboss-user
