I have implemented a web service using JAX-JWS. I would like this web service to authenticate the incoming request or atleast be able to access the username - password information sent in the Soap request. What is the best way to do this?
A:
Maybe the simplest way is to exchange authentication token between your clients and your WS. The first client call would be an authentication. The WS would return the token that is to be passed in all the following calls for the client credentials. You can set an expiration time on the token. You can use the SOA header properties for that With this approach the advantage is that your WS does not have to repeat the authentication/authorization procedure over and over again, and gives you the full advantage of controlling who's using the application
peter
2010-06-01 17:35:33