HI Peter, Thank you for your immediate and eloberate reply.I'll try and get back to you. Have a nice time, with best regards,
Sreenivas P
----- Original Message -----
From: "Fuhrmann Peter" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, November 28, 2001 12:40 AM
Subject: AW: Authenticating SOAP Messages
> You can use HTTP authentication, see the following client code snippet:
>
> SOAPHTTPConnection connection = new SOAPHTTPConnection();
> connection.setMaintainSession( true );
>
> connection.setUserName("user");
> connection.setPassword("password");
>
> call.setSOAPTransport(connection);
>
> On server side you must chose BASIC authentication for the RPCRouterServlet
> context. In the web.xml it looks like this:
>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>Protected Area</web-resource-name>
> <!-- Define the context-relative URL(s) to be protected -->
> <url-pattern>/servlet/rpcrouter</url-pattern>
> <!-- If you list http methods, only those methods are protected -->
> <http-method>DELETE</http-method>
> <http-method>GET</http-method>
> <http-method>POST</http-method>
> <http-method>PUT</http-method>
> </web-resource-collection>
> <auth-constraint>
> <!-- Anyone with one of the listed roles may access this area -->
> <role-name>tomcat</role-name>
> </auth-constraint>
> </security-constraint>
>
> <!-- Default login configuration uses BASIC authentication -->
> <login-config>
> <auth-method>BASIC</auth-method>
> <realm-name>Example Basic Authentication Area</realm-name>
> </login-config>
>
> And, of course you have to define the user, password and role somewhere -
> this depends on the container. In tomcat using the default realm you put
> this into the tomcat-users.xml. In Weblogic (using the default weblogic
> realm) you put this in the weblogic.properties.
>
> Hope this helps.
> Peter
>
>
> -----Urspr�ngliche Nachricht-----
> Von: P Sreenivasa Rao [mailto:[EMAIL PROTECTED]]
> Gesendet am: Mittwoch, 28. November 2001 21:38
> An: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Betreff: Authenticating SOAP Messages
>
> Hi all,
>
> In our application, we are able to send the SOAP requests and responses.
> But how can I authorise those requests.In our normal scenario, we
> authenticate the user with pin/password and then he'll access the authorised
> functions.But in this SOAP scenario,whatever request comes, without
> authentication, should I allow them to get the response.
> One condition I'm assuming is allowing for only registered IP addresses.But
> this may not be a feasible one.
>
> Can you please suggest any existing mechanisms to do this.I've to implement
> this in our application.
>
> Thanks in advance,
>
> Sreenivas P,
> CMC Ltd,
> Hyderbad,
> India
>
>
smime.p7s
Description: application/pkcs7-signature
