How to authenticate by user name and password in an Axis2 WebService?

I've build a webservice via Axis2 in Java and uploaded it on the server. everything 开发者_运维百科is ok and it works like fine. but I haven't considered any authentication method for that. How can I set a username and password for my method?

The standard for web services authentication is WS-Security. The Axis2 implementation is called Rampart.

You can create a web service method that accepts a user name and password.
If the user name and password are correct then you create a session token (preferably created by using the credentials) and send it back to the web service client.
The client for each web service call, must send along with the request parameters the token as well.
Since the request has a valid token, the client is considered as already authenticated and you proceed with the web service call.

If you're using a servlet (and not a custom-made stand-alone server application) you can just use a servlet filter for authentication.

Depending on the web framework you use you can use the standard security for that. Like you would for securing pages.

Or you could protect the resources using http BASIC or DIGEST authentication.

Web services are - for the container - not much more than web pages so they can be protected in all the standard ways.

You can succesfully use one of the existing Axis2 modules: Rampart.

Check the website (http://axis.apache.org/axis2/java/rampart/) for setup/config instructions and both client & server examples.

With Rampart I managed to use UsernameAndPassword authentication with WCF server and Java client.