Posted to users@cxf.apache.org by Jonathan Glaschke <e-...@jonathan-glaschke.de> on 2008/05/25 10:01:10 UTC
Authentication and Session Management in Soap/cxf
Hello,
I'm looking for the ability to authenticate users in soap. I don't want to use
http authentication, because that would mean relying on http as transport,
but when I'm using soap, I'm in the first instance independent of the
transport method. I want to keep this flexibility.
On the internet, I found several things about authentication directly via soap
e.g. http://www.whitemesa.com/soapauth.html
Is there a way to do this in CXF? And, what comes next is the necessity to
access the login information on the server side and/or assign session ids to
access these sessions in the java code.
I know I can do this with interceptors and define my own headers. But will
this allow accessing the information in the java code of the service, too?
At the end I can do this using a session parameter in every soap method
signature, too, but I would prefer having this in a standard way integrated
in the framework. (If it does exist).
Thanks in advance,
Jonathan Glaschke
Re: Authentication and Session Management in Soap/cxf
Posted by Agustí Dosaiguas Falcó <ag...@dosaiguas.net>.
Jonathan,
To authenticate users you can use the WS-Security standard that is
supported by CXF. With WS-Security you can choose many authentication
methods including user/password (UsernameToken) or client certificates.
Regards,
Augusti Dosaiguas
Jonathan Glaschke wrote:
> Hello,
>
> I'm looking for the ability to authenticate users in soap. I don't want to use
> http authentication, because that would mean relying on http as transport,
> but when I'm using soap, I'm in the first instance independent of the
> transport method. I want to keep this flexibility.
>
> On the internet, I found several things about authentication directly via soap
> e.g. http://www.whitemesa.com/soapauth.html
>
> Is there a way to do this in CXF? And, what comes next is the necessity to
> access the login information on the server side and/or assign session ids to
> access these sessions in the java code.
>
> I know I can do this with interceptors and define my own headers. But will
> this allow accessing the information in the java code of the service, too?
>
> At the end I can do this using a session parameter in every soap method
> signature, too, but I would prefer having this in a standard way integrated
> in the framework. (If it does exist).
>
> Thanks in advance,
> Jonathan Glaschke
>
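The UsernameToken approach suggested in the reply, shown as an added example that is not part of the original thread and is not CXF's own code: a WSS4JInInterceptor validates the token carried in the SOAP header, and the service method reads the authenticated name from the JAX-WS WebServiceContext. It assumes CXF 3.x with cxf-rt-ws-security (WSS4J 2.x package names, javax namespace) and an HTTP transport on the classpath for the demo address; AccountService, ServerPasswords, the address and the demo credential are hypothetical.

```java
import java.util.HashMap;
import java.util.Map;
import javax.annotation.Resource;
import javax.jws.WebService;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.xml.ws.WebServiceContext;
import org.apache.cxf.jaxws.EndpointImpl;
import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.apache.wss4j.dom.handler.WSHandlerConstants;

@WebService
public class AccountService {
    @Resource
    private WebServiceContext ctx; // injected by the JAX-WS runtime

    public String whoAmI() {
        // Principal taken from the validated UsernameToken, not from the transport.
        return ctx.getUserPrincipal().getName();
    }

    /** Hypothetical handler: hands WSS4J the stored password for the claimed user. */
    static class ServerPasswords implements CallbackHandler {
        private final Map<String, String> users = new HashMap<>();
        ServerPasswords() {
            users.put("alice", "constructed-demo-secret"); // constructed sample credential
        }
        @Override
        public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                if (!(cb instanceof WSPasswordCallback)) {
                    throw new UnsupportedCallbackException(cb);
                }
                WSPasswordCallback pc = (WSPasswordCallback) cb;
                String stored = users.get(pc.getIdentifier());
                // Unknown user: leave the password unset so WSS4J's comparison fails.
                if (stored != null) pc.setPassword(stored);
            }
        }
    }

    public static void main(String[] args) {
        Map<String, Object> inProps = new HashMap<>();
        inProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
        inProps.put(WSHandlerConstants.PW_CALLBACK_REF, new ServerPasswords());
        EndpointImpl endpoint = new EndpointImpl(new AccountService());
        endpoint.getInInterceptors().add(new WSS4JInInterceptor(inProps)); // before publish
        endpoint.publish("http://localhost:9000/account"); // hypothetical address
    }
}
```

A plaintext UsernameToken password is only as confidential as the channel or message encryption protecting it, and a real deployment would back the handler with an actual user store instead of an in-memory map.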