Chapter 4. Claiming and verifying identity with passwords

This chapter covers

Password-based authentication
Plain-text passwords
Digest authentication

As you saw in the previous chapter, the SOAP specification allows headers to be used for extending SOAP. WS-Security defines standard security headers for SOAP. In the first demonstration of WS-Security, we sent a username in a standard header. We also discussed the code behind that demonstration.

Sending the username along with the request is one way to claim identity. Most services require a user to establish his identity before his requests are served. This is because:

Security restrictions require that services be provided only to authorized users. While it is not always necessary to ...

Get SOA Security now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

SOA Security by Ramarao Kanneganti, Prasad Chodavarapu

Chapter 4. Claiming and verifying identity with passwords

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly