Frank, thanks for the response. I was afraid that was going to be the answer.

/robert

Frank W. Zammetti wrote:
Robert Taylor wrote:

Greetings, can you have both FORM and BASIC authentication in the same web application? (I don't think so, but thought I would ask)


No, you cannot. I recently asked this same question... just look at the web-app DTD... at least in 2.3, auth-method is marked as ? affinity.

I have a system of Struts web applications where I have users authenticating using FORM based authentication. I also have a need for B-to-B communication between these applications and with external applications. I would like to use Axis2 for remoting and would like to secure these web services using BASIC authentication over HTTPS.


I had an identical situation. I wound up using IBM's WS engine built into Websphere, since we are a Websphere shop... interestingly, this is just a version of Axis anyway! They deal with this issue though.

Before I did that though, I had a proof-of-concept using a filter to do the basic auth check, simulating basic auth in reality. The difference is that instead of request-challenge-validate as the cycle, the incoming WS request is required to contain ID/PW with it, so I skip directly to the validate step.

This has to be a common problem and was wondering if anyone had cracked this nut yet? I've found examples of doing one or the other, but NOT BOTH at the same time on the same web application.


I too would like to know how others have solved this problem. It's nice when the app server has the capability built-in as Websphere does, but I'm interested in how it can be done in the absence of that.

/robert


Frank
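
The filter approach described in the thread, sketched as an added example (not code from either poster): a servlet filter that skips the challenge and validates the Basic credentials carried on each web-service request, while the FORM `login-config` stays in place for the browser pages. The class name, the `/services/*` mapping, the realm string and the sample credentials are assumptions, and the mapped path is assumed to sit outside the FORM `security-constraint`, since the container enforces that before any filter runs.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example: map to the web-service path only (e.g. /services/*, an assumed
// path), leaving the FORM <login-config> in web.xml for the browser pages.
public class WsBasicAuthFilter implements Filter {
    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        // Basic credentials are only base64-encoded, so refuse plain HTTP.
        if (!req.isSecure()) { res.sendError(HttpServletResponse.SC_FORBIDDEN); return; }
        String[] cred = parse(req.getHeader("Authorization"));
        if (cred == null || !validate(cred[0], cred[1])) {
            // No challenge round trip is expected; the header only tells clients the scheme.
            res.setHeader("WWW-Authenticate", "Basic realm=\"ws\"");
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        chain.doFilter(rq, rs);
    }

    // Returns {user, password}, or null when the header is absent or malformed.
    static String[] parse(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) return null;
        try {
            String pair = new String(Base64.getDecoder().decode(header.substring(6).trim()),
                                     StandardCharsets.UTF_8);
            int colon = pair.indexOf(':');   // the password may itself contain ':'
            return colon < 0 ? null
                 : new String[] { pair.substring(0, colon), pair.substring(colon + 1) };
        } catch (IllegalArgumentException badBase64) { return null; }
    }

    // Hypothetical credential check: replace with a lookup against the user store
    // the FORM login uses. The constants below are constructed sample values.
    static boolean validate(String user, String password) {
        byte[] expected = "example-secret".getBytes(StandardCharsets.UTF_8);
        return "partner-app".equals(user)
            && MessageDigest.isEqual(expected, password.getBytes(StandardCharsets.UTF_8));
    }
}
```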


