> In our application, we are able to send the SOAP requests and responses.
> But how can I authorise those requests? In our normal scenario, we
> authenticate the user with pin/password and then he'll access the
> authorised functions. But in this SOAP scenario, whatever request comes,
> without authentication, should I allow them to get the response? One
> condition I'm assuming is allowing for only registered IP addresses. But
> this may not be a feasible one.
>
> Can you please suggest any existing mechanisms to do this? I've to
> implement this in our application.

Maybe you can use the Apache XML Security package [1] for creating SOAP Signatures using XML Signature. Whether digital signatures inside the SOAP msg do meet the goal depends on your security requirements.

Christian

[1] http://xml.apache.org/security/