Securing Apache SOAP services with HTTP basic authentication

Many applications require users to provide identifying information. You cannot provide access control for individual services. You can only provide access control for the router servlets, for example, the rpcrouter servlet URI. If you can get to a servlet, you can access any of the Web services served through that servlet. Therefore, if you have a set of secure services, you have to partition them so that they are accessed through a URI that is secured, for example, /secureRPCRouter. An example of a URI for services that are not secured, that is, accessible to everyone, is /uprotectedRCPRouter.

Using the Application Assembly Tool (AAT), you can set authorization levels by assigning roles to HTTP methods and by assigning users to roles. You can then authenticate users and verify that they are authorized to view specific information. There are many ways to prompt users for authentication data.
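
The role-to-method assignment described above, written out as a standard servlet deployment descriptor (web.xml) fragment. This is an added example, not taken from the product documentation; the role name SoapClient, the realm name, and the display names are assumptions, and /secureRPCRouter is the URI used in the text.

```xml
<!-- Added example: web.xml fragment in Servlet 2.3 element order. -->
<web-app>
  <!-- Router servlet that fronts only the services that must be secured. -->
  <servlet>
    <servlet-name>secureRPCRouter</servlet-name>
    <servlet-class>org.apache.soap.server.http.RPCRouterServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>secureRPCRouter</servlet-name>
    <url-pattern>/secureRPCRouter</url-pattern>
  </servlet-mapping>

  <security-constraint>
    <display-name>Secured SOAP router</display-name> <!-- assumed name -->
    <web-resource-collection>
      <web-resource-name>secureRPCRouter</web-resource-name>
      <url-pattern>/secureRPCRouter</url-pattern>
      <!-- When http-method elements are present, only the listed methods
           are constrained; any method left out stays open to everyone. -->
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>SoapClient</role-name> <!-- assumed role; users are mapped to it at assembly or deployment -->
    </auth-constraint>
    <user-data-constraint>
      <!-- Basic authentication sends the password base64-encoded, not
           encrypted, so require SSL for this URI. -->
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>SOAP services</realm-name> <!-- assumed realm name -->
  </login-config>

  <security-role>
    <role-name>SoapClient</role-name>
  </security-role>
</web-app>
```

Any router servlet mapping that is not named in a url-pattern of a security-constraint remains reachable without credentials, along with every service deployed behind it.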

