Reputation: 75
I need to implement double check authentication using 1) certificate and 2) authentication by login/password for my SOAP web-service. Is it possible with JavaEE?
With spring-ws-security I could freely add custom AuthorizationProvider, and check user by any tool...
I've found authentication on servlet-level for certificate check:
<login-config>
<auth-method>CLIENT-CERT</auth-method>
</login-config>
But how could I add custom authentication on SOAP level? Thanks!
Upvotes: 0
Views: 94
Reputation: 298
I dont understand what you mean by JavaEE but still, you can implement custom authentication/authorization methodology at any place in your code.
As a true-story scenario we have implemented a BaseService class as super class of all Service classes of webservices, and checked authentication before calling execution of the service.
Second, even it is a webservice, still it is a Web project, it has servlet implementation and web.xml. Therefore you can use listeners, filters etc.
Very easy and dummy way implementing a filter. Then you can mark all your protected resources and public resources which are filtered or not.
Upvotes: 1