Scenario: The server is GlassFish with JAX-WS web services and the clients are PHP-based.

What type of authentication for web services is more compatible with PHP-based clients?

  1. HTTP Basic Authentication
  2. HTTPS Client Authentication
  3. Mutual Authentication (is it supported?)
  4. Digest Authentication (is it supported?)

Description:

Specifying an Authentication Mechanism

Thank you!

A: 

-1- no go, dangerous, sniffable

-2-4- sort of same level

You should consider using some modern (and complicated) standards like OAuth.

skrat
+1  A: 

No. 1 over HTTPS is most compatible, easy to implement in PHP. Don't use #1 over clear HTTP.

Don't know what you mean by No. 2 and No. 3, they sound the same to me. That can be done with curl.

No. 4 is also supported in CURL.

ZZ Coder
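
The mechanisms from the question, expressed as PHP `SoapClient` options, as an added example that is not part of the original thread. It assumes ext-soap is enabled; the endpoint, credentials, CA bundle path and the helper name `soapAuthOptions` are constructed for illustration.

```php
<?php
// Added example, not from the thread. Requires ext-soap; endpoint,
// credentials and file paths are constructed placeholders.

/** Build SoapClient options for 'basic', 'digest' or 'clientcert'. */
function soapAuthOptions(string $endpoint, string $mech, array $cred, string $caFile): array
{
    // Basic sends base64(user:password) with every request, and a client
    // certificate needs TLS anyway, so refuse anything that is not HTTPS.
    if (strtolower((string) parse_url($endpoint, PHP_URL_SCHEME)) !== 'https') {
        throw new InvalidArgumentException("refusing '$mech' auth over a non-HTTPS endpoint");
    }
    $opts = [
        'location'   => $endpoint,
        'exceptions' => true,
        // Verify the server certificate and host name against a known CA bundle.
        'stream_context' => stream_context_create(['ssl' => [
            'verify_peer'      => true,
            'verify_peer_name' => true,
            'cafile'           => $caFile,
        ]]),
    ];
    switch ($mech) {
        case 'basic':
            return $opts + ['login' => $cred['user'], 'password' => $cred['password'],
                            'authentication' => SOAP_AUTHENTICATION_BASIC];
        case 'digest':
            return $opts + ['login' => $cred['user'], 'password' => $cred['password'],
                            'authentication' => SOAP_AUTHENTICATION_DIGEST];
        case 'clientcert':
            // PEM file holding the client certificate and its private key.
            return $opts + ['local_cert' => $cred['pem'], 'passphrase' => $cred['passphrase']];
        default:
            throw new InvalidArgumentException("unknown mechanism: $mech");
    }
}

$ca   = '/etc/ssl/certs/ca-certificates.crt';            // assumed CA bundle path
$cred = ['user' => 'client01', 'password' => 'example-only'];

// Non-WSDL mode: building the client sends nothing until a method is called.
$opts   = soapAuthOptions('https://ws.example.test/OrderService', 'basic', $cred, $ca);
$client = new SoapClient(null, $opts + ['uri' => 'urn:example:orders']);

try {
    soapAuthOptions('http://ws.example.test/OrderService', 'basic', $cred, $ca);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;   // the clear-HTTP endpoint is rejected
}
```
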
+1  A: 

Whatever solution you choose, use HTTPS to send sensitive information. So:

  1. Don't
  2. This will work but... Who is going to deliver the certificates? How many clients will you have? Can you handle this? And, more complicated, can you maintain this (revoking certificates over time, etc.; that's the trickiest part)?
  3. See #2.
  4. I'm not a fan.

Maybe have a look at WS-Security UsernameToken (or a custom solution based on SOAP headers). I'm not a PHP expert but WS-Security seems to be supported (at least partially) by some PHP stacks. See:

Pascal Thivent
At the start I will have about 5 clients (but this number could grow up to 40-60). Thank you for pointing me to the tricky part of working with certificates. I will look at WS-Security; I'm not familiar with it yet. It would be great if someone could point to some good tutorial, or is the official J2EE 6 tutorial good enough?
kislo_metal