We are using JBOSS.net to expose ejb methods as SOAP based webservices.
Question: How do we implement client Authorization in a webservice interface? what are pros cons?
Can email to
If you use JBossWS post here, if you use JBoss.NET post there. Do not post the same message in both topics. This is spam.
You can do authetication on the message level (as SOAP headers) or on the transport level with HTTP
See this tread or the JBossWS wiki for details