We have a Java 1.4 web service running on AIX 5. We want to have the web service methods execute under the context of the caller, not the hosting web server. How would we go about this?
You should be able to perform JAAS authentication (just like a normal J2EE web application), which will establish the principals associated with the subject. The container automatically ensures that the current worker thread is associated with the identified subject. The subject and its principals are also propagated down to the service/business tier as is the case with a normal servlet.
It might also be worthwhile to determine the web service security features of the underlying application server, as it might offer more features than the basic/digest/form authentication functionality that is present in JAAS. For example, WebLogic Server allows for certificate-based authentication of web service clients (with some configuration involved), and that might be true of the application server that you’re using as well. Usually, the container security features will ride on top of JAAS and the related security features in J2EE 1.4, thereby ensuring that the J2EE security features used in the other sections of the application will continue to perform as expected.
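The following is an added example, not part of the original answer: a JAX-RPC 1.1 servlet endpoint (the J2EE 1.4 web service model) that reads the container-authenticated caller through `ServletEndpointContext` and refuses to run without one. The interface, class, method and role names are hypothetical, and it assumes the container has already authenticated the request through a `security-constraint` and `login-config` in `web.xml`.

```java
import java.rmi.Remote;
import java.rmi.RemoteException;
import java.security.Principal;
import javax.xml.rpc.ServiceException;
import javax.xml.rpc.server.ServiceLifecycle;
import javax.xml.rpc.server.ServletEndpointContext;

// Hypothetical service endpoint interface (normally public, in its own file).
interface AccountService extends Remote {
    String readAccount(String accountId) throws RemoteException;
}

// Hypothetical JAX-RPC 1.1 servlet endpoint; Java 1.4 syntax (no generics).
public class AccountServiceImpl implements AccountService, ServiceLifecycle {
    // Assumed role name; it must match a security-role declared in web.xml.
    private static final String READER_ROLE = "account-reader";

    private ServletEndpointContext endpointContext;

    // Called once by the container before any request is dispatched.
    public void init(Object context) throws ServiceException {
        if (!(context instanceof ServletEndpointContext)) {
            throw new ServiceException("Expected a ServletEndpointContext");
        }
        endpointContext = (ServletEndpointContext) context;
    }

    public void destroy() {
        endpointContext = null;
    }

    public String readAccount(String accountId) throws RemoteException {
        // Principal the container authenticated for the current request.
        Principal caller = endpointContext.getUserPrincipal();
        if (caller == null) {
            // Fail closed: no authenticated caller, no work done.
            throw new RemoteException("Caller is not authenticated");
        }
        if (!endpointContext.isUserInRole(READER_ROLE)) {
            throw new RemoteException("Caller " + caller.getName() + " lacks role " + READER_ROLE);
        }
        // Hand the caller's name to the business tier for per-user checks and auditing.
        return lookupAccount(caller.getName(), accountId);
    }

    private String lookupAccount(String callerName, String accountId) {
        return "account " + accountId + " read on behalf of " + callerName;
    }
}
```

This establishes the caller's identity inside the JVM only; the AIX process itself keeps running under the web server's operating-system account.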