I am implementing a Java EE based Hospital Management System that has a web service, and two clients are to be connected to it: a Java Swing app and a JSP-based web project. The web service is to be implemented using Stateless EJBs.
Please suggest a way of implementing authentication and login for both clients (users are taken from a DB2 database).
NB: This has to be submitted as a project, so server (WebSphere) based authentication should be avoided as much as possible. I could not find any resource corresponding to this scenario.
I suppose that users will authenticate to both applications with a username (and password). If you don’t need user authorization on the service side, you can just create a username/password combination for each client and store it in the web service configuration file. In that case I would suggest message-level security for clients.
http://publib.boulder.ibm.com/infocenter/wasinfo/v7r0/index.jsp?topic=%2Fcom.ibm.websphere.express.doc%2Finfo%2Fexp%2Fae%2Ftwbs_securews.html
In case you need user authorization on the service side, you can still rely upon message-level security but proceed with the users' credentials instead.
Here are also some examples which might be helpful:
http://www.mkyong.com/webservices/jax-ws/application-authentication-with-jax-ws/
http://www.ibm.com/developerworks/websphere/tutorials/0905_griffith/section7.html
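The service-side half of the application-level approach discussed above, as an added example that is not code from the answer or the linked tutorials: a stateless EJB endpoint reads the credentials each client attaches as HTTP request headers and checks them against the user table. The class name, the `Username`/`Password` header names, the `jdbc/hms` data source, the `USERS(USERNAME, SALT, PW_HASH)` schema and the PBKDF2 parameters are all assumptions.

```java
import java.security.MessageDigest;
import java.sql.*;
import java.util.*;
import javax.annotation.Resource;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.ejb.Stateless;
import javax.jws.*;
import javax.sql.DataSource;
import javax.xml.ws.WebServiceContext;
import javax.xml.ws.handler.MessageContext;

@Stateless
@WebService
public class PatientService {                            // hypothetical service
    @Resource private WebServiceContext ctx;
    @Resource(name = "jdbc/hms") private DataSource ds;  // assumed JNDI name (DB2)

    @WebMethod
    public String ping() {
        return "hello " + authenticate();   // every operation authenticates first
    }

    // Returns the verified username, or aborts the call with an unchecked exception.
    // The headers are readable on the wire unless the endpoint is served over HTTPS.
    private String authenticate() {
        @SuppressWarnings("unchecked")
        Map<String, List<String>> h = (Map<String, List<String>>)
                ctx.getMessageContext().get(MessageContext.HTTP_REQUEST_HEADERS);
        List<String> u = h.get("Username"), p = h.get("Password");  // assumed names
        if (u == null || p == null || u.isEmpty() || p.isEmpty()
                || !passwordMatches(u.get(0), p.get(0).toCharArray()))
            throw new SecurityException("Authentication failed");
        return u.get(0);
    }

    private boolean passwordMatches(String user, char[] password) {
        // Assumed schema: USERS(USERNAME, SALT, PW_HASH); hash is PBKDF2-HMAC-SHA256
        String sql = "SELECT SALT, PW_HASH FROM USERS WHERE USERNAME = ?";
        try (Connection c = ds.getConnection(); PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, user);                       // bound parameter, not concatenated
            try (ResultSet rs = ps.executeQuery()) {
                if (!rs.next()) return false;            // unknown user
                byte[] salt = rs.getBytes(1), stored = rs.getBytes(2);
                byte[] actual = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(new PBEKeySpec(password, salt, 100_000, stored.length * 8))
                    .getEncoded();
                return MessageDigest.isEqual(stored, actual);  // constant-time compare
            }
        } catch (Exception e) { throw new IllegalStateException("credential check failed", e); }
    }
}
```

Both the Swing and JSP clients would set the same two headers on their JAX-WS request context before calling the service.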