Right. And to just clarify for Lana, a global handler is invoked for
every service. A per service handler is only invoked on that particular
service. And these handlers can be set via the inHandlers property on
ServiceBean/XFireExporter.
Cheers,
- Dan
Saul Qunming Yuan wrote:
You need only tie the handler to the services you want to
authenticate. In your handler, you should check the existence of
header information and as part of your authentication process, so the
user cannot bypass the authentication by leaving out the header.
HTH,
Saul
----- Original Message -----
*From:* [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
*To:* [email protected] <mailto:[email protected]>
*Sent:* Thursday, March 16, 2006 5:25 PM
*Subject:* [xfire-user] XFire webservice security
Hi,
I have a few questions regarding the authentication handler
If I have 3 services available, but 2 of them should be publicly
available; only one need to be authenticated. Once
AuthenticationHandler is configured as global handler, does that
mean it is invoked for all services. Just want to make sure that
users can’t bypass the authentication by leaving out the header
information when they should pass it in…
Also can I tie authentication handler be tied to a specific
service only by making it an inHandler in my XFireExporter bean?
How
This message is for the designated recipient only and may contain
privileged, proprietary, or otherwise private information. If you
have received it in error, please notify the sender immediately
and delete the original. Any other use of the email by you is
prohibited.
--
Dan Diephouse
(616) 971-2053
Envoi Solutions LLC
http://netzooid.com
