Authenticate Web Services
When you expose a web service, you might want to authenticate the user that is executing the service (for example, via user name/password, Kerberos, or certificate). This section describes how to configure the service to perform this authentication. For information about the authentication steps listed here, see Setting Up Security.
Configure the JAAS configuration file (see Setting Up Security). Then configure a web service to do the following:
Specify the policyValidatorCbClass in the Rampart configuration policy assertion. Below is sample code for the Rampart policy assertion with specified policyValidatorCbClass:
<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
  <ramp:user>service</ramp:user>
  <ramp:encryptionUser>client</ramp:encryptionUser>
  <ramp:policyValidatorCbClass>com.softwareag.wsstack.jaas.callback.MultiLoginPolicyValidatorCallback</ramp:policyValidatorCbClass>
</ramp:RampartConfig>
Specify the login context name as a parameter on one of the web service levels (global level in axis2.xml, service group level in services.xml, service level in services.xml, operation level in services.xml, message level in services.xml).
To detect any changes in the configuration, the built-in policy validators provided by Web Services Stack automatically refresh the JAAS configuration prior to each login attempt. Since the configuration is shared for the entire Java virtual machine instance, this detection results in increased synchronization wait time on the server side. To improve the performance, you can disable the automatic refresh feature by setting the autoRefreshJaasConfig parameter to false.
The parameter can be set globally in the axis2.xml configuration file or locally in the services.xml service descriptor. The following excerpt outlines the configuration of the parameter:
<parameter name="autoRefreshJaasConfig">false</parameter>
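The settings described above can be checked across deployed descriptors with a short script. The following Python check is an added example, not part of the original documentation or of Web Services Stack: it reads one axis2.xml or services.xml document and reports Rampart configurations without a policyValidatorCbClass, validator values broken by whitespace or line wraps, and scopes where autoRefreshJaasConfig is set to false. The sample descriptor, its service names, and the rule that the value must be a bare class name are assumptions made for the example.

```python
import re
import xml.etree.ElementTree as ET

RAMP = "{http://ws.apache.org/rampart/policy}"
# Assumption: the validator value should be one bare fully qualified class name.
FQCN = re.compile(r"[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)+")

# Constructed services.xml; the service names are made up for this example.
SAMPLE = """<serviceGroup xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:ramp="http://ws.apache.org/rampart/policy">
  <service name="Orders">
    <parameter name="autoRefreshJaasConfig">false</parameter>
    <wsp:Policy><ramp:RampartConfig>
      <ramp:policyValidatorCbClass>com.softwareag.wsstack.jaas.callback
        .MultiLoginPolicyValidatorCallback </ramp:policyValidatorCbClass>
    </ramp:RampartConfig></wsp:Policy>
  </service>
  <service name="Billing">
    <wsp:Policy><ramp:RampartConfig>
      <ramp:user>service</ramp:user>
    </ramp:RampartConfig></wsp:Policy>
  </service>
</serviceGroup>"""


def audit(xml_text):
    """Return (scope, finding) tuples for one axis2.xml or services.xml document."""
    root = ET.fromstring(xml_text)
    parent = {child: p for p in root.iter() for child in p}

    def scope(el):
        # Walk up to the nearest named element (service, operation, ...).
        while el is not root and el.get("name") is None:
            el = parent[el]
        return el.get("name") or el.tag

    findings = []
    for cfg in root.iter(RAMP + "RampartConfig"):
        cls = cfg.findtext(RAMP + "policyValidatorCbClass")
        if cls is None or not cls.strip():
            findings.append((scope(cfg), "no policyValidatorCbClass set"))
        elif not FQCN.fullmatch(cls):
            findings.append((scope(cfg), "policyValidatorCbClass is malformed"))
    for param in root.iter("parameter"):
        value = (param.text or "").strip().lower()
        if param.get("name") == "autoRefreshJaasConfig" and value == "false":
            findings.append((scope(parent[param]), "JAAS auto-refresh disabled"))
    return findings


if __name__ == "__main__":
    for where, what in audit(SAMPLE):
        print(f"{where}: {what}")
```

A scope reported with auto-refresh disabled is one where the validators no longer refresh the JAAS configuration before each login attempt, so it is worth listing those scopes whenever the JAAS file is edited.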