I am planning to implement security on webservices. Whats the best way to do it ?
Solutions:
X.509 -- 10 webservices which needs to be verified for the client who accesses it, which can be done with certificates, but i don't have much idea about certificates. I have created a keystore with keytool now whats the next thing i need to do ? Is there any way i can create some internal certificates for my development purpose and then move to some certificate provider once moving to production ?
Also for implementing security on webservices can we create webservice handlers and implement the authentication or role based checks security in that. Are there any practical links where i can see step by step guide to implement security to a webservice.
Atlast any clues about certificates or any kind of webservice security links or guide is highly appreciated.
I have heard about WS-Security but was not able to find any easy guide to implementing one on any webservice. I am creating EJB3 webservices with annotations and deploying on
jboss server.
Thanks,
Rahul