Well, you can think of many ways as you have listed some..
1. User name and password, you can think of using HTTP basic
authentication but, it stops at the HTTP layer itself. Otherway is that,
you can send these credentails as an XML message in an application
request.
2. SSL, you can setup SSL for Apache SOAP, will be mainly for session
security, not really as an authentication mechanism.
3. Coming now to the actual things, you may have to look at different
security standards shaping in the Web Services security area like, SAML,
XACML, SOAP Sec. Extensions, XKMS etc.,
SAML is a SOAP messaging framework that lets you carry your
entitlements with which you can share authentication information.
Thanks,
Chandru.
>>> [EMAIL PROTECTED] 05/07/02 04:25AM >>>
thanks jonathan and virender - it works like a charm:
now for the actual problem :-)
i am trying to implement some form of security for a
webservice i created. a basic way is to check the
hostname and restrict it to trusted urls. but this is
not always practical because we want trusted users to
connect from anywhere.
a username and password? alas, without ssl, the
simplicity of text-only xml turns out to be its
drawback! how do you send authentication information
for webservices? is private/public key and an arbit
algorithm the only way to go?
please help ...
thanks again,
prash.
--- Jonathan Chawke <[EMAIL PROTECTED]> wrote:
> Sorry, Hotmail ran away with itself before I
> finished the previous mail. The
> previous mail should have read:
>
> Yes, you can use the SOAPContext object to access
> the container's HTTP
> request object
> [javax.servlet.http.HttpServletRequest].
> You can then call getRemoteHost() to get the remote
> hostname (or the IP
> address if the name cannot be determined).
> See
> http://xml.apache.org/soap/faq/faq_chawke.html#Q2_38
> and
>
http://java.sun.com/products/servlet/2.2/javadoc/javax/servlet/ServletRequest.html#getRemoteHost()
> Hope that helps,
> Jonathan.
>
>
>
> >From: "Jonathan Chawke" <[EMAIL PROTECTED]>
> >Reply-To: [EMAIL PROTECTED]
> >To: [EMAIL PROTECTED]
> >Subject: Re: hostname of client machine?
> >Date: Mon, 06 May 2002 09:36:10 +0100
> >
> >Yes, you can use the SOAPContext object to access
> the conHTTP request
> >object. See
>
>http://xml.apache.org/soap/faq/faq_chawke.html#Q2_38
> >Hope that helps,
> >Jonathan.
> >
> >>From: Prashanth Narayanan <[EMAIL PROTECTED]>
> >>Reply-To: [EMAIL PROTECTED]
> >>To: [EMAIL PROTECTED]
> >>Subject: hostname of client machine?
> >>Date: Sun, 5 May 2002 20:12:12 -0700 (PDT)
> >>
> >>hi all,
> >> is there any way to find the hostname of the
> machine
> >>that is making the request to a webservice? iam
> using
> >>apache2.2 on iplanet 6.0sp4.
> >> thanks,
> >> prash.
> >>
> >>__________________________________________________
> >>Do You Yahoo!?
> >>Yahoo! Health - your guide to health and wellness
> >>http://health.yahoo.com
> >
> >
> >
> >
>
>_________________________________________________________________
> >Chat with friends online, try MSN Messenger:
> http://messenger.msn.com
> >
>
>
>
>
>
_________________________________________________________________
> Send and receive Hotmail on your mobile device:
> http://mobile.msn.com
>
=====
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Prashanth L.Narayanan
Baton Rouge International, Inc.
Day: 408.342.3616
http://www.prash.net
__________________________________________________
Do You Yahoo!?
Yahoo! Health - your guide to health and wellness
http://health.yahoo.com
