5 Replies Latest reply on Mar 17, 2005 12:02 AM by Jason Greene

    WS security and non-java clients

    Pawel Polyakov Newbie

      Hi all!
      I'm trying to secure my WS with JAAS. The problem is that my WS is accessed both by java and non-java clients. Java clients are succesfully authenticated with JAAS, but I don't know the simple way to tell my non-java client to authenticate with JAAS.
      First, the only one thing is needed(as I think) is to include into the SOAP-message header like this one:

       <soapenv:Header>
       <jbws:username actor="http://webservice.jboss.com/ws4ee/login" xmlns:jbws="http://webservice.jboss.com/ws4ee">scott</jbws:username>
       <jbws:password actor="http://webservice.jboss.com/ws4ee/login" xmlns:jbws="http://webservice.jboss.com/ws4ee">tiger</jbws:password>
       </soapenv:Header>
      

      As I understand this header is implicitly included into client's SOAP message wich was sent to WS. But there is the explicit way to tell all clients to include such header into message - add lines like this(bold) in WSDL file of my WS:
      ...
      <wsdl:operation name="helloName">
      <wsdlsoap:operation soapAction=""/>
       <wsdl:input name="helloNameRequest">
      <wsdlsoap:header message="lalala"
       part="request_header_lalala" use="literal"/>
      <wsdlsoap:body namespace="http://interfaces.zenith.ru" use="literal"/>
      </wsdl:input>
      ...
      

      Is my "manually" constructed auth header enough to put server-side JAAS auth to work with non-java clients or not?(maybe it sounds stupid but... I hope yes :))