In my application, I want to force the users to login to a web application before they can use the application which communicates via SOAP. I have setup the web app based login, and can see a Subject gets created, but for some reason, when the app which uses SOAP sends its first request, it wipes the original Subject and then goes through the LoginModule again.
My web services are marked as transport-guarantee CONFIDENTIAL but I never use auth-method.
Is there any way to use the session which was established by the web application for web services?
Thanks and Regards,
Web service endpoints are stateless. So you currently cannot reuse the same session. The ws clients will have to provide authentication information with every call. Caching in the SecurityManager applies.
Stub stub = (Stub)service.getPort(SEI.class); stub._setProperty(PROPERTY_USERNAME, username); stub._setProperty(PROPERTY_PASSWORD, password);