HTTP Authentication

HTTP authentication is one of the most straightforward ways to secure your service. You simply need to to configure your servlet container to require a username and password. If you are wondering how to configure your XFire client to send an HTTP username/password check out the documentation on the HTTP Transport.

SOAP Header authentication with JSR 181

You can also send SOAP headers which container username/password information. This is quite simple with JSR 181. You simply need to create a class that contains the username and password:

Then write your service class so that it takes this token:

SOAP Header Authentication with Handlers

Often you will want to authenticate use of your service based on particular Headers in the SOAP Message. Say for example we have a header like the following:

We can easily write a Handler to process this information.

Client Authentication Handler

To make authentication to work, you also need to add the authentication information from the client.

One way to do it is by adding an out handler to your port via the XFireProxy and add the requisite tokens there.

A lot of the info below was taken as is from this blog: http://www.jroller.com/page/hexbinary/20051130

Also, all of the information below is true as of XFire 1.1-beta.

Create a ClientAuthenticationHandler like so:

 Now you need to add this authentication handler to the out handler of your client. One way to do this is programmatically:

 And you're done! Authenticating this way will add the requisite headers to your service.