user2298956
user2298956

Reputation: 75

Custom authentication for SOAP using JavaEE

I need to implement double check authentication using 1) certificate and 2) authentication by login/password for my SOAP web-service. Is it possible with JavaEE?

With spring-ws-security I could freely add custom AuthorizationProvider, and check user by any tool...

I've found authentication on servlet-level for certificate check:

<login-config>
       <auth-method>CLIENT-CERT</auth-method>
</login-config>

But how could I add custom authentication on SOAP level? Thanks!

Upvotes: 0

Views: 94

Answers (1)

Afsin Buyuksarac
Afsin Buyuksarac

Reputation: 298

I dont understand what you mean by JavaEE but still, you can implement custom authentication/authorization methodology at any place in your code.

As a true-story scenario we have implemented a BaseService class as super class of all Service classes of webservices, and checked authentication before calling execution of the service.

Second, even it is a webservice, still it is a Web project, it has servlet implementation and web.xml. Therefore you can use listeners, filters etc.

Very easy and dummy way implementing a filter. Then you can mark all your protected resources and public resources which are filtered or not.

Upvotes: 1

Related Questions