Posted to java-user@axis.apache.org by "Jeyakumaran.C" <jk...@vijayaba.cse.mrt.ac.lk> on 2002/10/07 08:25:31 UTC

Re: Simple username-password security with Axis?

Hi,
Axis has SimpleAuthenticationHandler and SimpleAuthorizationHandler.
According to your need, you had better select one of these handlers and configure
them.
If you select the Authentication handler, you have to keep a personal users
list to authenticate users.
If you select the Authorization handler, then you can do the authorization in
the wsdd file.
Remember both are different and implemented for different usages.
But even in these approaches Axis is still using HTTP authentication.
There are efforts going on for having web service security.
For the time being I hope you can use these handlers.

Regards,
Jeyakumaran.C
----- Original Message -----
From: "Jon Blower" <jd...@mail.nerc-essc.ac.uk>
To: <ax...@ws.apache.org>
Sent: Monday, October 06, 2003 7:33 PM
Subject: Simple username-password security with Axis?


> Dear Axis users,
>
> I would like to add a very basic level of security to my Web Service.  I
> would like users to be authenticated by simply including a username and
> password in the SOAP message when calling the Web Service.
>
> What's the easiest way of encrypting the username/password so it can't be
> decrypted if someone intercepts the SOAP message?  I don't need a solution
> with maximum security - the authentication is basically to keep track of
> who's using the Web Service and to provide different levels of access to
> different users.  The Web Service in question involves significant server
> load, so the security is just intended to prevent unauthenticated users
> submitting requests that will hold up the server.
>
> I have even considered sending the username/password unencrypted, but
> ideally I would like a bit more security than this if it's not hard to
> implement.  Only the username/password part of the message would have to
> be encrypted.
>
> I've looked on the Web for appropriate toolkits/APIs but haven't been able
> to track down an obvious solution.
>
> Thanks in advance for any help or advice,
>
> Jon
>
>
> --
> --------------------------------------------------------------
> Dr Jon Blower              Tel: +44 118 378 5213 (direct line)
> Research Fellow            Tel: +44 118 378 8741 (ESSC)
> ESSC                       Fax: +44 118 378 6413
> University of Reading      Email: jdb@mail.nerc-essc.ac.uk
> 3 Earley Gate
> Reading RG6 6AL, UK
> --------------------------------------------------------------
>
>
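
A deployment descriptor showing how the two handlers named in the reply are typically wired into a service's request flow in Axis 1.x. This is an added example, not part of the original thread or the Axis distribution; the service name, class name, method name and user names are hypothetical, and the users list the reply mentions is assumed to be Axis 1.x's WEB-INF/users.lst with one "username password" pair per line.

```xml
<!-- Added example (constructed). "UsageTrackedService",
     "com.example.UsageTrackedService", "submitJob", "alice" and "bob"
     are hypothetical names chosen for illustration. -->
<deployment xmlns="http://xml.apache.org/axis/wsdd/"
            xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">

  <service name="UsageTrackedService" provider="java:RPC">
    <parameter name="className" value="com.example.UsageTrackedService"/>

    <!-- Expose only the operation that clients are meant to call. -->
    <parameter name="allowedMethods" value="submitJob"/>

    <!-- Read by SimpleAuthorizationHandler: only these authenticated
         users may invoke the service. Everyone else is rejected before
         the expensive service code runs. -->
    <parameter name="allowedRoles" value="alice,bob"/>

    <requestFlow>
      <!-- Order matters: authenticate first, so that the authorization
           handler has an authenticated user to check against
           allowedRoles. -->
      <handler type="java:org.apache.axis.handlers.SimpleAuthenticationHandler"/>
      <handler type="java:org.apache.axis.handlers.SimpleAuthorizationHandler"/>
    </requestFlow>
  </service>

</deployment>
```

Both handlers act on the username and password that arrive with the HTTP request, and HTTP Basic credentials are only Base64-encoded, not encrypted. If interception is a concern, serve the endpoint over HTTPS.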