Login/Password for using WS

[Walid <wa...@dbian.org>]

Hello,

I am deploying a WS but I want users to authenticate with a login/password
in order to have access to the WS methods.

How can I do that ?

I thought about writing a login(username, password) method and store the
user session ID (taken from the SOAP Header) somewhere. And then check
if the user has successfully authenticated before trying to use the WS.
But I have no idea how to retrive the user ID.


I am using Java2WSDL and WSDL2Java to write the client and server of my WS.

Thanks for your help...


-- 
Deimos

Re: Login/Password for using WS

[Rodrigo Ruiz <rr...@gridsystems.com>]

The handlers are almost always enough, but if you have heavy code to execute
on any of authentication or authorization steps, I would prefer to have a
login / logout scheme. This way, the heavy duty can be done only once per
session.

To implement such a thing, you can, for example, put an array of booleans in
the session when login is invoked. You should populate or create this array
from your authorization code. Each array item would be an authorization
flag, so it would act as an authorization data "cache". Your service should
check for the value of one or more flags to allow access. The existence of
the array would serve as the authentication flag. You only need to remove it
from the session on logout.

This means that you need to deploy your services with "session" scope. To
access the session from your service code you could use something like:

org.apache.axis.session.Session session =
AxisEngine.getCurrentMessageContext().getSession();
boolean authFlags[] = (boolean[]) session.get("auth-flags");

This will bind your code to Axis, but AFAIK there is no standard way to get
a session instance from within a service method.

Hope it helps you,
Rodrigo Ruiz

----- Original Message -----
From: "Jeyakumaran.C" <jk...@vijayaba.cse.mrt.ac.lk>
To: <ax...@ws.apache.org>
Sent: Sunday, October 13, 2002 5:45 AM
Subject: Re: Login/Password for using WS


> Hi Stephen and Walid,
>
> I have an exta idea with stephon's comment. I thing Walid wants
> authorization for his wsmethods rather than authentication.
> For that it seems it is better to have authorization handler tha
> authentication handler.(May be both.).
> Walid........you better look at authorization handler as well to verify
your
> expectation.
>
> Regards,
> Jeyakumaran.C
> ----- Original Message -----
> From: "Stephen Gordon" <st...@student.usyd.edu.au>
> To: <ax...@ws.apache.org>
> Sent: Sunday, October 12, 2003 7:49 PM
> Subject: Re: Login/Password for using WS
>
>
> > did you take a look at
> > org.apache.axis.handlers.SimpleAuthenticationHandler ???
> >
> > There is a basic user/password implementation there, which u can extend
> > if u want...
> >
> > also check the docs for how it works
> >
> > stephen
> >
> > Walid wrote:
> > > Hello,
> > >
> > > I am deploying a WS but I want users to authenticate with a
> login/password
> > > in order to have access to the WS methods.
> > >
> > > How can I do that ?
> > >
> > > I thought about writing a login(username, password) method and store
the
> > > user session ID (taken from the SOAP Header) somewhere. And then check
> > > if the user has successfully authenticated before trying to use the
WS.
> > > But I have no idea how to retrive the user ID.
> > >
> > >
> > > I am using Java2WSDL and WSDL2Java to write the client and server of
my
> WS.
> > >
> > > Thanks for your help...
> > >
> > >
> >
> >
>

Re: Login/Password for using WS

["Jeyakumaran.C" <jk...@vijayaba.cse.mrt.ac.lk>]

Hi Stephen and Walid,

I have an exta idea with stephon's comment. I thing Walid wants
authorization for his wsmethods rather than authentication.
For that it seems it is better to have authorization handler tha
authentication handler.(May be both.).
Walid........you better look at authorization handler as well to verify your
expectation.

Regards,
Jeyakumaran.C
----- Original Message -----
From: "Stephen Gordon" <st...@student.usyd.edu.au>
To: <ax...@ws.apache.org>
Sent: Sunday, October 12, 2003 7:49 PM
Subject: Re: Login/Password for using WS


> did you take a look at
> org.apache.axis.handlers.SimpleAuthenticationHandler ???
>
> There is a basic user/password implementation there, which u can extend
> if u want...
>
> also check the docs for how it works
>
> stephen
>
> Walid wrote:
> > Hello,
> >
> > I am deploying a WS but I want users to authenticate with a
login/password
> > in order to have access to the WS methods.
> >
> > How can I do that ?
> >
> > I thought about writing a login(username, password) method and store the
> > user session ID (taken from the SOAP Header) somewhere. And then check
> > if the user has successfully authenticated before trying to use the WS.
> > But I have no idea how to retrive the user ID.
> >
> >
> > I am using Java2WSDL and WSDL2Java to write the client and server of my
WS.
> >
> > Thanks for your help...
> >
> >
>
>

Re: Login/Password for using WS

[Stephen Gordon <st...@student.usyd.edu.au>]

did you take a look at 
org.apache.axis.handlers.SimpleAuthenticationHandler ???

There is a basic user/password implementation there, which u can extend 
if u want...

also check the docs for how it works

stephen

Walid wrote:
> Hello,
> 
> I am deploying a WS but I want users to authenticate with a login/password
> in order to have access to the WS methods.
> 
> How can I do that ?
> 
> I thought about writing a login(username, password) method and store the
> user session ID (taken from the SOAP Header) somewhere. And then check
> if the user has successfully authenticated before trying to use the WS.
> But I have no idea how to retrive the user ID.
> 
> 
> I am using Java2WSDL and WSDL2Java to write the client and server of my WS.
> 
> Thanks for your help...
> 
>