There are really a couple options: 1) Use ws-secureconversation. The user would send the complete authentication information on the request to get the conversation token. Subsequent requests would just send the conversation token.
2) You could write an interceptor that grabs the HTTP session out of the message and store stuff there (providing the clients enable sessions). Basically, store the username/password that WAS authenticated successfully and in you callback handler, match there first. Dan On Fri April 3 2009 11:15:12 am Santosh Kulkarni wrote: > Hi all, > > > > Where can I get some pointers/examples on how to cache the > authentication information so I do not have to go to the authentication > server for every single request? > > > > A little background: > > > > I'm using apache-cxf and ws-security username token profile. The > callback goes out and authenticates against a remote LDAP server. > > It's required to be a high volume service so looking for ways to avoid > hitting the LDAP server for every request. > > > > Santosh -- Daniel Kulp [email protected] http://www.dankulp.com/blog
