The security-facade package implements a single-sign-on (SSO) authentication system between SOAP clients and SOAP services. Messages sent with the aid of this package are annotated with SSO credentials in the SOAP headers. Messages received by services using this package are authenticated using the credentials in the message.
The current implementation is based on Axis and WSS4J. It enforces digital signatures on requests from clients to services in line with the emerging IVOA standard for SSO.
The facade hides details of the authentication from the client and service code. Services alter their WSDD configuration to use the facade. Clients call the facade's APIs, with the Axis-specific security calls encapsulated in the axis-specific delegates.