Feb 24th, 2006, 06:02 AM
Digest and Axis
we currently have a service that is accessible via httpinvoker and secured by Acegi's Digest auth. On the client side this is done with a Request executor that supports digest auth and is assigned to the HttpInvokerProxyFactoryBean with the property "httpInvokerRequestExecutor".
This works fine but now we have to expose this service also as a Webservice with Axis (JAX-RPC). We use the JaxRpcPortProxyFactoryBean as shown in the Spring tutorial. Now the question is: how do I use the Digest Auth with the Axis Webservice? Is there any mechanism to assign a different RequestExecutor or something?
Mar 6th, 2006, 08:03 AM
You would be best off asking this one on the AXIS mailing list. One thing to consider is the BASIC vs Digest trade-off. Digest gives you some degree of protection from cleartext passwords across the wire, but not great protection. If using SSL (HTTPS) this is almost a totally unnecessary approach. BASIC gives you over Digest a range of benefits including simplicity, widespread client support, and not requiring HttpSesisons on the server-side. Maybe it's worth using BASIC unless you have a cleartext (ie HTTP) transport requirement.