Posted to soap-user@ws.apache.org by "Robert C. Lyons" <bo...@unidex.com> on 2001/01/18 18:32:08 UTC

Controlling access to web services

I need to control access to my web services.
I'd like to use HTTP basic authentication (i.e.,
username and password), and I'd like the web
server to decide if a user is authorized to
invoke a web service.

I plan to do the following to control access to
my web services, and I would appreciate any
feedback on my plan.

For each web service (i.e., method), I'll define a separate
virtual name for the Apache SOAP servlet. Each virtual name
will include the name of the corresponding method name. So,
each web service will be invoked using a separate URL, and
all of these URLs will indirectly point to the same Apache SOAP servlet.
For example, if I have two web services named addClaim()
and modifyClaim(), then the SOAP client might invoke these
methods using the following URLs:
http://host:4321/soap-servlets/addClaim and
http://host:4321/soap-servlets/modifyClaim. Both of these
URLs will indirectly point to the Apache SOAP servlet. In my web
server, I'll set up two ACLs that control access to these
two URLs (i.e., to these two web services).

I'll need to modify the Apache SOAP source code, so that
it rejects any attempts to invoke a web service where
the Request URL of the HTTP session does not include the
name of the method being invoked.

It would be great if Apache SOAP allowed the administrator
to specify the Request URL of a web service when deploying
the web service. When the web service is invoked, Apache
SOAP could then verify that the actual Request URL for the
HTTP session matches the Request URL that the administrator
specified for the web service (if the administrator specified
a Request URL for the web service).

Thanks in advance for any feedback.

Best regards,

Bob

<sig name    = 'Bob Lyons'
     title   = 'E-Commerce Consultant'
     company = 'Unidex, Inc.'
     phone   = '+1-732-975-9877'
     email   = 'boblyons@unidex.com'
     url     = 'http://www.unidex.com/'
     product = 'XML Convert: transforms flat files to XML and vice versa' />
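
The check proposed in this message (reject a call unless the Request URL names the method being invoked), sketched as an added example; it is not part of the original post and not Apache SOAP code. It assumes SOAP 1.1 RPC-style requests, where the method is the first element inside the Body, and that the path string is what `HttpServletRequest.getRequestURI()` returns; the class name, helper names and the `urn:claims` namespace are hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

public class MethodUrlCheck {
    static final String SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/";

    /** Local name of the first element inside the SOAP Body, i.e. the RPC method invoked. */
    static String rpcMethodName(byte[] envelope) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true); // compare local names, so the prefix chosen by the client is irrelevant
        // Reject DOCTYPE declarations so the access check cannot itself be abused for XXE.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder().parse(new ByteArrayInputStream(envelope));
        NodeList bodies = doc.getElementsByTagNameNS(SOAP_ENV, "Body");
        if (bodies.getLength() != 1) return null; // missing or ambiguous Body
        for (Node n = bodies.item(0).getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n.getNodeType() == Node.ELEMENT_NODE) return n.getLocalName();
        }
        return null;
    }

    /** True only if the last path segment of the request URI equals the method name exactly. */
    static boolean urlMatchesMethod(String requestUri, byte[] envelope) {
        try {
            String method = rpcMethodName(envelope);
            // Exact match, not substring: "/soap-servlets/addClaim" must not admit "add".
            String lastSegment = requestUri.substring(requestUri.lastIndexOf('/') + 1);
            return method != null && method.equals(lastSegment);
        } catch (Exception e) {
            return false; // fail closed on malformed or hostile XML
        }
    }

    public static void main(String[] args) {
        // Constructed sample request body: a modifyClaim call.
        byte[] env = ("<SOAP-ENV:Envelope xmlns:SOAP-ENV='" + SOAP_ENV + "'><SOAP-ENV:Body>"
            + "<ns1:modifyClaim xmlns:ns1='urn:claims'><id>7</id></ns1:modifyClaim>"
            + "</SOAP-ENV:Body></SOAP-ENV:Envelope>").getBytes(StandardCharsets.UTF_8);
        // Same body sent to the URL it belongs to, then to the addClaim URL.
        System.out.println(urlMatchesMethod("/soap-servlets/modifyClaim", env));
        System.out.println(urlMatchesMethod("/soap-servlets/addClaim", env));
    }
}
```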