Hello! I'm about to develop a widget that will consume a web service built on top of existing functionality, and it requires that the web service be aware of where the request is coming from. For example, a consumer can provide information during registration about its blog or website that will be using the widget. Now I need to identify where the request is coming from (www.mysite.com or www.otherside.com), to know whether or not it's authorised and whether to process the request or not. I must admit I don't know where to start or where to do research. If someone can shed some light on it I'll be more than glad. I'll be using Java. Thanks.
+3
A:
The usual thing is to provide each site an authentication token that they pass back to you when making requests. To avoid having the token intercepted and misused, you'd only provide the web service via HTTPS (not just HTTP). This is (for example) how Amazon does it with their various web services.
T.J. Crowder
2009-12-22 13:58:45
Thanks for the answer! I thought about the token over SSL, but then if for some reason somebody gets his hands on that token he will probably use the service without me noticing it, right?
black sensei
2009-12-22 14:20:36
@black sensei: Right, that's why it's *very* important for the token to be specific to individual end users and for them (and you) to be responsible for keeping it secure and private. That's also why the SSL; if you transmit the token in the clear on the 'net, well, all bets are off.
T.J. Crowder
2009-12-22 15:04:42
+1
A:
That information can be added to the web service request in the optional header element:
<SOAP-ENV:Header>
<!-- add your auth element here -->
</SOAP-ENV:Header>
or you can add an element containing that information to the body of the request:
<SOAP-ENV:Body>
<!-- add your auth element here -->
</SOAP-ENV:Body>
You can then check the authorization elements to see if the caller is authorized to use the service or not.
ChadNC
2009-12-22 14:19:16
Thanks for the answer. I will try out the suggestion and do more research on web service headers.
black sensei
2009-12-22 14:30:58
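An added example, not code from either answer, combining the two suggestions above: a per-consumer token issued at registration and checked from an auth element in the SOAP header. The class name, the `urn:example:widget-auth` namespace and the `Auth`, `ConsumerId` and `Token` element names are hypothetical, the consumer names are constructed sample data, and the service is assumed to be reachable over HTTPS only.

```java
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.concurrent.ConcurrentHashMap;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class WidgetTokenAuth {
    static final String SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/";
    static final String AUTH_NS = "urn:example:widget-auth"; // hypothetical namespace
    private final ConcurrentHashMap<String, byte[]> tokenHashes = new ConcurrentHashMap<>();

    String issueToken(String consumerId) throws Exception { // registration: store only the hash
        String token = new BigInteger(256, new SecureRandom()).toString(32); // 256 random bits
        tokenHashes.put(consumerId, sha256(token));
        return token;
    }

    boolean isAuthorized(String soapXml) { // request time: header must carry consumer id + token
        try {
            DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
            f.setNamespaceAware(true);
            f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTD/XXE
            Document d = f.newDocumentBuilder().parse(new ByteArrayInputStream(soapXml.getBytes(StandardCharsets.UTF_8)));
            Element h = (Element) d.getElementsByTagNameNS(SOAP_NS, "Header").item(0);
            if (h == null) return false; // no header, no credentials
            NodeList ids = h.getElementsByTagNameNS(AUTH_NS, "ConsumerId");
            NodeList tokens = h.getElementsByTagNameNS(AUTH_NS, "Token");
            if (ids.getLength() != 1 || tokens.getLength() != 1) return false;
            byte[] expected = tokenHashes.get(ids.item(0).getTextContent().trim());
            byte[] presented = sha256(tokens.item(0).getTextContent().trim());
            return expected != null && MessageDigest.isEqual(expected, presented); // constant-time
        } catch (Exception e) { return false; } // malformed XML is treated as unauthorized
    }

    static byte[] sha256(String s) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        WidgetTokenAuth auth = new WidgetTokenAuth();
        String token = auth.issueToken("www.mysite.com"); // constructed sample consumer
        String fmt = "<s:Envelope xmlns:s='" + SOAP_NS + "' xmlns:a='" + AUTH_NS + "'><s:Header><a:Auth>"
            + "<a:ConsumerId>%s</a:ConsumerId><a:Token>%s</a:Token></a:Auth></s:Header><s:Body/></s:Envelope>";
        System.out.println(auth.isAuthorized(String.format(fmt, "www.mysite.com", token)));
        System.out.println(auth.isAuthorized(String.format(fmt, "www.otherside.com", token)));
    }
}
```

The first call presents the registered consumer with its own token; the second reuses that token under a consumer id that was never registered, which the check rejects.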