Reputation: 75
Custom authentication for SOAP using JavaEE
I need to implement double check authentication using 1) certificate and 2) authentication by login/password for my SOAP web-service. Is it possible with JavaEE?
With spring-ws-security I could freely add custom AuthorizationProvider, and check user by any tool...
I've found authentication on servlet-level for certificate check:
<login-config>
<auth-method>CLIENT-CERT</auth-method>
</login-config>
But how could I add custom authentication on SOAP level? Thanks!
Upvotes: 0
Views: 94
Answers (1)
Reputation: 298
I dont understand what you mean by JavaEE but still, you can implement custom authentication/authorization methodology at any place in your code.
As a true-story scenario we have implemented a BaseService class as super class of all Service classes of webservices, and checked authentication before calling execution of the service.
Second, even it is a webservice, still it is a Web project, it has servlet implementation and web.xml. Therefore you can use listeners, filters etc.
Very easy and dummy way implementing a filter. Then you can mark all your protected resources and public resources which are filtered or not.
Upvotes: 1
Related Questions
- Web service soap authentication with javax problem
- User authentication in SOAP Webservices
- How to authenticate a Web Service Client with JAX-WS / SOAP
- How to authenticate soap based java web services?
- soap header authentication
- How to add "Authentication" on existing SOAP web services?
- WebService Authentication with Soap Header
- User authentication in java web services
- SOAP Authorization
- Web Service authentication in Java EE