Robert Taylor wrote:
Greetings, can you have both FORM and BASIC authentication in the same web application? (I don't think so, but thought I would ask)
No, you cannot. I recently asked this same question... just look at the web-app DTD... at least in 2.3, auth-method is marked as ? affinity.
I have a system of Struts web applications where I have users authenticating using FORM based authentication. I also have a need for B-to-B communication between these applications and with external applications. I would like to use Axis2 for remoting and would like to secure these web services using BASIC authentication over HTTPS.
I had an identical situation. I wound up using IBM's WS engine built into Websphere, since we are a Websphere shop... interestingly, this is just a version of Axis anyway! They deal with this issue though.
Before I did that though, I had a proof-of-concept using a filter to the basic auth check, simulate basic auth in reality. The difference is that instead of request-challenge-validate as the cycle, the incoming WS request is required to container ID/PW with it, so I skip directly to the validate step.
This has to be a common problem and was wondering if anyone had cracked this nut yet? I've found examples of doing one or the other, but NOT BOTH at the same time on the same web application.
I too would like to know how others have solved this problem. It's nice when the app server has the capability built-in as Websphere does, but I'm interested in how it can be done in the absence of that.
/robert
Frank -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com AIM: fzammetti Yahoo: fzammetti MSN: [EMAIL PROTECTED] Java Web Parts - http://javawebparts.sourceforge.net Supplying the wheel, so you don't have to reinvent it! --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
