
Webservice Security methods?

 
Ranch Hand
Posts: 425
I am planning to implement security on webservices. What's the best way to do it?

Solutions:
X.509 -- 10 webservices which need to be verified for the client who accesses it, which can be done with certificates, but I don't have much idea about certificates. I have created a keystore with keytool; now what's the next thing I need to do? Is there any way I can create some internal certificates for my development purpose and then move to some certificate provider once moving to production?

Also, for implementing security on webservices, can we create webservice handlers and implement the authentication or role-based security checks in them? Are there any practical links where I can see a step-by-step guide to implementing security for a webservice?

At last, any clues about certificates or any kind of webservice security links or guide are highly appreciated.

I have heard about WS-Security but was not able to find any easy guide to implementing it on any webservice. I am creating EJB3 webservices with annotations and deploying on a JBoss server.

Thanks,
Rahul
 
Rancher
Posts: 43081
There are many facets to security. Are you solely interested in client certificates, or would other forms of authentication be acceptable as well? WS-Security also covers encryption and digital signing, which might be of value.

A problem with the WS-Security standard is that there is no single way to use it in a WS implementation. So using it with JBoss will be different from using it with Axis or Metro; you'll need to check the JBoss documentation for information on how to apply it.
 
Rahul Juneja
Ranch Hand
Posts: 425
I am thinking of implementing it with a combination of certificates and role-based security.

Can you guide me to any specific links where I can find a sample implementation? I think it would be good if we can find a generic solution in case we port the webservices to a different server in future.

Also, I am considering Oracle SOA Suite and OracleAS for deploying webservices. Any specific hint for Oracle will also help me a lot.

Any help appreciated.

Thanks,
Rahul
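
For the question in the first post about internal certificates for development, one way to build them with keytool, shown as an added example that is not part of the thread: a throwaway internal CA signs a server and a client certificate, and a truststore holds only the CA. The directory, aliases, subject names and the `changeit` password are constructed placeholders.

```shell
#!/bin/sh
# Added example: a development-only CA built with keytool.
# Directory, aliases, subject names and the password are constructed placeholders.

make_dev_pki() {
    dir=$1
    opts="-storetype PKCS12 -storepass changeit"   # dev-only password
    mkdir -p "$dir" || return 1

    # 1. Internal CA: self-signed, BasicConstraints marks it as a CA.
    keytool -genkeypair -alias devca -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=Dev Internal CA" -ext bc:c=ca:true \
        -keystore "$dir/ca.p12" $opts || return 1
    keytool -exportcert -rfc -alias devca -keystore "$dir/ca.p12" $opts \
        -file "$dir/ca.pem" || return 1

    # 2. A key pair for the service and one for a client, each signed by the CA.
    for name in server client; do
        ks="$dir/$name.p12"
        keytool -genkeypair -alias "$name" -keyalg RSA -keysize 2048 \
            -dname "CN=dev-$name" -keystore "$ks" $opts || return 1
        keytool -certreq -alias "$name" -keystore "$ks" $opts \
            -file "$dir/$name.csr" || return 1
        keytool -gencert -rfc -alias devca -keystore "$dir/ca.p12" $opts \
            -validity 90 -infile "$dir/$name.csr" \
            -outfile "$dir/$name.pem" || return 1
        # Import the CA first so the signed reply chains to a trusted root.
        keytool -importcert -noprompt -alias devca -keystore "$ks" $opts \
            -file "$dir/ca.pem" || return 1
        keytool -importcert -alias "$name" -keystore "$ks" $opts \
            -file "$dir/$name.pem" || return 1
    done

    # 3. Truststore with only the CA certificate; both sides trust this,
    #    not the individual leaf certificates.
    keytool -importcert -noprompt -alias devca -file "$dir/ca.pem" \
        -keystore "$dir/truststore.p12" $opts || return 1
}

# Usage: make_dev_pki ./dev-pki
```

When moving to production, the `.csr` files from the `-certreq` step go to the external certificate provider instead of `-gencert`, and the truststore takes that provider's CA certificate in place of `ca.pem`.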
 