Actually i did: http://cxf.apache.org/docs/ws-security.html
"Username Token Authentication" On Mon, Jan 25, 2010 at 8:19 AM, KARR, DAVID (ATTCINW) <[email protected]> wrote: >> -----Original Message----- >> From: Cole Ferrier [mailto:[email protected]] >> Sent: Monday, January 25, 2010 7:59 AM >> To: [email protected] >> Subject: How to? Authenticate once then pass a token? >> >> Currently I've managed to add basic username/password security to my >> web services. >> >> How do i now change that so that i can authenticate on the first call >> and create a session and then just use a token after that. >> >> I'm doing a rather heavy weight operation to validate the username and >> password, so I don't want to do it on every call. >> >> Are there any examples of doing this? > > If you're really using "basic auth", this is actually pretty easy. I > did this very recently. You first set up your web.xml with webapp > security using BASIC auth. If you examine your HTTP headers in the > response from the authenticated service, you should see a "JSESSIONID" > cookie coming back. If you store that hash value in the client and then > append ";jsessionid=<hash>" to subsequent URLs (until the session > expires), it should work. If you're making this call from JSP with > reasonable tag libraries, these mechanisms may even happen without your > intervention. >
