So I think i need to clarify my question. Currently, i have basic WS-Security setup to authenticate a username and password using a callback class. This is working.
However, the steps that are required to do that are very very expensive. So i would like to build some sort of session. Basically authenticate once, then rely on the fact they are already authenticated. I understand WS-Trust could potentially accomplish this? Any information would be helpful, on how to get started. Basically the problem i have is validating username/password is way to expensive to do on every call, so how can i work around that? Cole On Mon, Jan 25, 2010 at 8:28 AM, Cole Ferrier <[email protected]> wrote: > Actually i did: > > http://cxf.apache.org/docs/ws-security.html > > "Username Token Authentication" > > > > On Mon, Jan 25, 2010 at 8:19 AM, KARR, DAVID (ATTCINW) <[email protected]> wrote: >>> -----Original Message----- >>> From: Cole Ferrier [mailto:[email protected]] >>> Sent: Monday, January 25, 2010 7:59 AM >>> To: [email protected] >>> Subject: How to? Authenticate once then pass a token? >>> >>> Currently I've managed to add basic username/password security to my >>> web services. >>> >>> How do i now change that so that i can authenticate on the first call >>> and create a session and then just use a token after that. >>> >>> I'm doing a rather heavy weight operation to validate the username and >>> password, so I don't want to do it on every call. >>> >>> Are there any examples of doing this? >> >> If you're really using "basic auth", this is actually pretty easy. I >> did this very recently. You first set up your web.xml with webapp >> security using BASIC auth. If you examine your HTTP headers in the >> response from the authenticated service, you should see a "JSESSIONID" >> cookie coming back. If you store that hash value in the client and then >> append ";jsessionid=<hash>" to subsequent URLs (until the session >> expires), it should work. If you're making this call from JSP with >> reasonable tag libraries, these mechanisms may even happen without your >> intervention. >> >
