Announcement Announcement Module
No announcement yet.
Digest and Axis Page Title Module
Move Remove Collapse
This topic is closed
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Digest and Axis

    Hi folks,

    we currently have a service that is accessible via httpinvoker and secured by Acegi's Digest auth. On the client side this is done with a Request executor that supports digest auth and is assigned to the HttpInvokerProxyFactoryBean with the property "httpInvokerRequestExecutor".
    This works fine but now we have to expose this service also as a Webservice with Axis (JAX-RPC). We use the JaxRpcPortProxyFactoryBean as shown in the Spring tutorial. Now the question is: how do I use the Digest Auth with the Axis Webservice? Is there any mechanism to assign a different RequestExecutor or something?


  • #2
    You would be best off asking this one on the AXIS mailing list. One thing to consider is the BASIC vs Digest trade-off. Digest gives you some degree of protection from cleartext passwords across the wire, but not great protection. If using SSL (HTTPS) this is almost a totally unnecessary approach. BASIC gives you over Digest a range of benefits including simplicity, widespread client support, and not requiring HttpSesisons on the server-side. Maybe it's worth using BASIC unless you have a cleartext (ie HTTP) transport requirement.