You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-user@axis.apache.org by Joe Plautz <jo...@customcall.com> on 2005/02/16 18:59:17 UTC
Security Issue
Hello,
I'm looking for some guidance in the realm of security. I am in charge
of creating some web services to be used by a PowerBuilder front
end(changing this is not an option). What I've discovered is that
PowerBuilder does not allow you to modify/add headers in any shape or
form. So, adding in WS-Security compliant headers or some other form of
authentication headers would require a lot more time than than
desired(ie writing a custom soap lib). It does support HTTP-Basic
authentication, but because of the way the user information is being
stored it is not a feasible option, user info is being stored in client
specific databases. I've come up with my own ideas, which include
sending the "authentication" piece as part of the message. If anyone has
any alternative ideas please let me know.
Thanks,
Joe Plautz
Re: Security Issue
Posted by Mike Barton <mb...@allesta.com>.
Joe,
You might want to look at UDDI authentication mechanism, which is based
on simple token exchange model.
http://uddi.org/pubs/ProgrammersAPI-V2.04-Published-20020719.htm#_Toc25137739
Mike.
Joe Plautz wrote:
> Hello,
>
> I'm looking for some guidance in the realm of security. I am in charge
> of creating some web services to be used by a PowerBuilder front
> end(changing this is not an option). What I've discovered is that
> PowerBuilder does not allow you to modify/add headers in any shape or
> form. So, adding in WS-Security compliant headers or some other form
> of authentication headers would require a lot more time than than
> desired(ie writing a custom soap lib). It does support HTTP-Basic
> authentication, but because of the way the user information is being
> stored it is not a feasible option, user info is being stored in
> client specific databases. I've come up with my own ideas, which
> include sending the "authentication" piece as part of the message. If
> anyone has any alternative ideas please let me know.
>
> Thanks,
> Joe Plautz
>
>