I work on a project website and I am about to develop a Web Service for a specific module of my project.
The problem is that I need to ensure the two concepts of authentication and authorization with the Web Service. I do not know how the web services technology provides the two concepts of security.
Please help me move forward with an explanation and useful links; I'm really stuck.
Thank you
Each web service framework provides its own hooks to authenticate and to authorize. So are you asking how to authenticate and authorize from a technical perspective?
I’ve only ever done Axis web services. In that case, authorization could be handled declaratively in a WEB-INF/webservices.xml file.
Authentication is similarly handled – you configure a handler-class and implement the #handleRequest method, which is called before the endpoint is reached. At that point you can either get the encoded user:pass out of the HTTP header, or the SOAPHeader credentials, or whichever scheme you decide to use.
In the end, it’s a technical question that is answered programmatically based on which framework you use.
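As an added illustration (not code from the answer above or from Axis), this is the check a request handler could run once it has the HTTP `Authorization` header value: decode the Basic `user:pass` pair, reject malformed input, and compare the password in constant time. The class name, the in-memory user store and the sample credentials are constructed for the example, how the header is read from the message context is framework-specific and not shown, and Java 16 or later is assumed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;

public class BasicAuthCheck {

    /** Decoded credentials from an "Authorization: Basic ..." header. */
    record Credentials(String user, String password) {}

    // Constructed sample store; a real service would hold salted password hashes.
    static final Map<String, String> USERS = Map.of("alice", "s3cret:with:colons");

    /** Parse the header value; empty if the header is missing or malformed. */
    static Optional<Credentials> parse(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) {
            return Optional.empty();
        }
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(header.substring(6).trim());
        } catch (IllegalArgumentException e) {   // payload is not valid base64
            return Optional.empty();
        }
        String pair = new String(raw, StandardCharsets.UTF_8);
        int colon = pair.indexOf(':');           // split on the first colon only
        if (colon <= 0) {                        // no separator or empty user name
            return Optional.empty();
        }
        return Optional.of(new Credentials(pair.substring(0, colon), pair.substring(colon + 1)));
    }

    /** True only if the user exists and the password matches (constant-time compare). */
    static boolean authenticate(String header) {
        return parse(header).map(c -> {
            String expected = USERS.get(c.user());
            return expected != null && MessageDigest.isEqual(
                    expected.getBytes(StandardCharsets.UTF_8),
                    c.password().getBytes(StandardCharsets.UTF_8));
        }).orElse(false);
    }

    public static void main(String[] args) {
        String good = "Basic " + Base64.getEncoder()
                .encodeToString("alice:s3cret:with:colons".getBytes(StandardCharsets.UTF_8));
        System.out.println(authenticate(good));               // valid credentials
        System.out.println(authenticate("Basic !!!not-b64")); // malformed payload
        System.out.println(authenticate(null));               // header absent
    }
}
```

Basic credentials are only base64-encoded, not encrypted, so the endpoint should be reachable over TLS only.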