Tuesday, June 28, 2005

Simple securing of webservices

in work today i had to implement a really simple way of securing webservices. Actually of a particular webservice which plays a messaging role inside my product. Only client side authentication and encryption of message was needed.

Initially i tried to use HTTPS and security roles (and users) in Jetty. I was not able to go ahead. Dont know why. Jetty was allowing even barred users to go ahead with webservice calls even though https was working fine. Then I found out that axis has a built handler which can do the required funbctionality SimpleAuthenticationHandler. I had known about about HTTPAuthHandler which took the login and password from the SOAP message and put it in MessageContext but never knew about SimpleAuthenticationHandler. it simply made my day.

0 Comments:

Post a Comment

<< Home