-
1. Re: WS security and non-java clients
jason.greene Mar 13, 2005 12:03 PM (in response to singular_droid)For better portability take a like at using HTTP basic auth. Take a look at the wiki for how:
http://www.jboss.org/wiki/Wiki.jsp?page=WSSecureEndpoint
-Jason -
2. Re: WS security and non-java clients
singular_droid Mar 14, 2005 4:52 AM (in response to singular_droid)Mmmmmm
Basic auth is good but it doesn't work when i have a number of proxy between my ws and client.
Cause the authentication information in this situation is added to the http header, which can be modified by proxies, while the soap part of message is always unchanged. -
3. Re: WS security and non-java clients
jason.greene Mar 15, 2005 4:40 PM (in response to singular_droid)Then yes, if you can replicate the headers with your non-java client it will work.
-Jason -
4. Re: WS security and non-java clients
singular_droid Mar 16, 2005 8:59 AM (in response to singular_droid)Thanks a lot. And there is no way to include info about auth-header into wsdl of ws in deploy-time?
-
5. Re: WS security and non-java clients
jason.greene Mar 17, 2005 12:02 AM (in response to singular_droid)You could define a soap:header element in your wsdl but you would have to define a schema element type that replicated the jbws tags exactly (including the soap:actor attribute). However, the problem you are going to have is how you actually bind to those parameters in whatever non-java client you are using. Another route to take, if your non-java client api supports this, is to write a handler that modifies the message to include the appropriate tags.
-Jason