You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cxf.apache.org by Jonathan Glaschke <e-...@jonathan-glaschke.de> on 2008/05/25 10:01:10 UTC

Authentication and Session Management in Soap/cxf

Hello,

I'm looking for the ability to authenticate users in soap. I don't want to use 
http authentication, because that would mean relying on http as transport, 
but when I'm using soap, I'm in the first instance independent of the 
transport method. I want to keep this flexibility.

On the internet, I found several things about authentication directly via soap 
e.g. http://www.whitemesa.com/soapauth.html

Is there a way to do this in CXF? And, what comes next is the necessity to 
access the login information on the server site and/or assign session ids to 
access these sessions in the java code.

I know I can do this with interceptors and define my own headers. But will 
this allow accessing the information in the java code of the service, too? 

At the end I can do this using a session parameter in every soap method 
signature, too, but I would prefer having this in a standard way integrated 
in the framework. (If it does exist).

Thanks in advance,
Jonathan Glaschke

Re: Authentication and Session Management in Soap/cxf

Posted by Agustí Dosaiguas Falcó <ag...@dosaiguas.net>.

Jonathan,

To authenticate users you can use the WS-Security standard that is 
supported by CXF. With WS-Security you can choose many autentication 
methods including user/password (UsernameToken) or client certificates.

Regards,

Augusti Dosaiguas

En/na Jonathan Glaschke ha escrit:
> Hello,
>
> I'm looking for the ability to authenticate users in soap. I don't want to use 
> http authentication, because that would mean relying on http as transport, 
> but when I'm using soap, I'm in the first instance independent of the 
> transport method. I want to keep this flexibility.
>
> On the internet, I found several things about authentication directly via soap 
> e.g. http://www.whitemesa.com/soapauth.html
>
> Is there a way to do this in CXF? And, what comes next is the necessity to 
> access the login information on the server site and/or assign session ids to 
> access these sessions in the java code.
>
> I know I can do this with interceptors and define my own headers. But will 
> this allow accessing the information in the java code of the service, too? 
>
> At the end I can do this using a session parameter in every soap method 
> signature, too, but I would prefer having this in a standard way integrated 
> in the framework. (If it does exist).
>
> Thanks in advance,
> Jonathan Glaschke
>