3 Replies Latest reply on Oct 28, 2005 10:13 AM by Thomas Diesler

    Securing ServiceEndPoint for Servlet type WS

    Julian Htun Newbie

      Hi,

      I'm pretty new to J2EE world. I'm using JBossWS and able to make them work and now I'm trying to secure them.

      This post is 2 folds.

      1. I'm trying out 1 design whereby utilizing the SOAP header and I'm having problem.

      2. I like the guru out there to suggest another better and simpler design if you know one. I heard about HTTP Basic Authentication but I also heard that sometimes it won't work thru Proxy Server as the HTML header sometimes get changed. Secondly it might not work from Laszlo.


      Back to item #1....

      I need to authenticate using a third party JAAS module (DatabaseServerLoginModule). It is already in login-config.xml and it is working fine with another WAR.

      I did see the following tutorial BUT it is for EJB and I'm using Servlet and I don't know how to configure such that the 3rd party JAAS module is get called.

      http://wiki.jboss.org/wiki/Wiki.jsp?page=WSSecureEndpoint

      Thanks in advance,
      -Julian Htun