[5.0 only]Securing Apache SOAP services with HTTP basic authentication

Why and when to perform this task

Many applications require users to provide identifying information. You cannot provide access control for individual services. You can only provide access control for the router servlets, for example, the rpcrouter servlet URI. If you can get to a servlet, you can access any of the Web services served through the servlet. Therefore, if you have a set of secure services, you have to partition them differently so that they are accessed through a URI that is secured, for example, /secureRPCRouter. An example of a service that is not secure or accessible to everyone is /uprotectedRCPRouter.

Using the Application Assembly Tool (AAT), you can set authorization levels by assigning roles to HTTP methods and by assigning users to roles. You can then authenticate users, verifying they are authorized to view specific information. There are many ways to prompt users for authentication data.


Related tasks
Assembling applications with the AAT



Searchable topic ID:   twbs_http
Last updated: Jun 21, 2007 9:56:50 PM CDT    WebSphere Application Server for z/OS, Version 5.0.2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.websphere.zseries.doc/info/zseries/ae/twbs_http.html

Library | Support | Terms of Use | Feedback