Tuesday, June 28, 2005

Simple securing of webservices

in work today i had to implement a really simple way of securing webservices. Actually of a particular webservice which plays a messaging role inside my product. Only client side authentication and encryption of message was needed.

Initially i tried to use HTTPS and security roles (and users) in Jetty. I was not able to go ahead. Dont know why. Jetty was allowing even barred users to go ahead with webservice calls even though https was working fine. Then I found out that axis has a built handler which can do the required funbctionality SimpleAuthenticationHandler. I had known about about HTTPAuthHandler which took the login and password from the SOAP message and put it in MessageContext but never knew about SimpleAuthenticationHandler. it simply made my day.


Post a Comment

<< Home