securing webservice in axis2

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

securing webservice in axis2

rajnishe
Hello All
 I am using axis2 and jboss 4.x.x. and have created webservice . Currently anyone who know url
 can invole webservice.
 My need is that only defined users/pwd should be able to call webservice.
 User will be defined at server side and webservice method can be invoke only if user is defined .
 How we can achiev this.
 Thanks in advance for help.
Best Regards
Rajnish Chauhan

Reply | Threaded
Open this post in threaded view
|

Re: securing webservice in axis2

Martin Gainty
following the JavaDoc available at
http://ws.apache.org/axis2/modules/rampart/1_2/security-module.html

axis2.saml.properties contains this vital information:
axis2.crypto.properties contain these vital entries:
org.apache.ws.security.saml.issuer.key.password=security
org.apache.ws.security.saml.subjectNameId.name=uid=joe,ou=people,ou=saml-dem
o,o=example.com
org.apache.ws.security.saml.issuer.cryptoProp.file=axis2.crypto.properties

where axis2.crypto.properties contains
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.cry
pto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=pkcs12
org.apache.ws.security.crypto.merlin.keystore.password=security
org.apache.ws.security.crypto.merlin.keystore.alias=16c73ab6-b892-458f-abf5-
2f875f74882e
org.apache.ws.security.crypto.merlin.alias.password=security
org.apache.ws.security.crypto.merlin.file=x509.PFX.MSFT

identification of rampart-wide paramaeters of user, encryptionUser defined
here in rampart-policy-1.xml where
user is users name
passwordCallbackClass is the method used to provide the password
encryptionUser is the username used in the original encryption

M--

----- Original Message -----
From: "rajnishe" <[hidden email]>
To: <[hidden email]>
Sent: Friday, October 12, 2007 1:20 AM
Subject: securing webservice in axis2


>
> Hello All
>  I am using axis2 and jboss 4.x.x. and have created webservice . Currently
> anyone who know url
>  can invole webservice.
>  My need is that only defined users/pwd should be able to call webservice.
>  User will be defined at server side and webservice method can be invoke
> only if user is defined .
>  How we can achiev this.
>  Thanks in advance for help.
> Best Regards
> Rajnish Chauhan
>
>
> --
> View this message in context:
http://www.nabble.com/securing-webservice-in-axis2-tf4611494.html#a13169319
> Sent from the Axis - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]