Please Advise, Axis2 -> tomcat authentication system

["Willard, Jonathan" <Jo...@ca.com>]

 

Hi all,

 

Hopefully someone can recommned the right way to do this... 

 

I have an Axis2 WebService whose main job is to instantiate objects
running in tomcat.  These tomcat objects organize data and return them
thru the WebService interface.  This allows me to expose legacy data in
an existing application thru WebServcies/WSDL.  

 

The problem is that my tomcat/legacy app has a strong authentication
mechanism built in for it's thick clients.  It uses objects the provide
enterprise Single Sign On capability.  How can I get my Axis2 WebService
to use the same Single Sign On mechanims?

 

I have looked at the following options:

 

1.	Modify Axis2.xml to do something similar to the tomcat
server.xml - 

	a.	Having difficulty figuring out how to do this ...

2.	Pass User/Password credentials from the WS client to the Axis2
Server then manually call the auth objects that reside in tomcat

	a.	Seems like it could work but how does the server side
'get' the username and pw I set in the client side
org.apache.axis2.transport.http.HttpTransportProperties.Authenticator

3.	User rampart (somehow)???
4.	Other options?

 

So right now #2 seems like the fastest easiest but I wonder if this will
prevent me from using SSL and if it only secures HTTP and that leaves
other protocols open ...

 

Please chime in.

 

Jon