-
1. Re: Authenticating Webservice as Web Session
thomas.diesler Feb 1, 2005 6:46 AM (in response to rtomlinson)WS4EE service endpoints are fundamentally stateless, so passing in a session id does not make sense.
Authenticating against an endpoint is described here:
http://www.jboss.org/wiki/Wiki.jsp?page=WSSecureEndpoint -
2. Re: Authenticating Webservice as Web Session
rtomlinson Feb 1, 2005 8:18 AM (in response to rtomlinson)True, it makes no sense for a j2ee session, but the session I am trying to maintain is a web (tomcat) session. The web session makes sense for authentication else every page would require typing in your name and password
-
3. Re: Authenticating Webservice as Web Session
forkbomb Feb 1, 2005 12:04 PM (in response to rtomlinson)Instead of passing the session ID, you can configure the security domain to have the same user names and passwords as your web users, configure your web services to use basic auth, then pass the username and password as the HTTP headers. The wiki link that Thomas posted above explains it all. The trick is just to make sure that the usernames/passwords in your web tier match up with the usernames/passwords in your EJB tier.