designing security for soa applications

 
Hi all,

I am working on a service that is part of many services in a large SOA architecture based enterprise application. My service is a POJO based application that is deployed on WebLogic server and uses Spring for autowiring the components.
The clients of this service are other services. There are webservices, RMI and socket based clients. The webservices clients are of two types - SOAP and simple HTTP URL based XML requests. The requirement is to design security for my service that is independent of the client request type.
The service is supposed to process a quarter million requests per day and 99% of them are simple HTTP requests.

The requirement is to design security to my service that is independent of the client request types.

The high level requirements are:

a) The security implementation must not be tied to a particular tool/technology as far as possible, in case the service needs to be deployed on a different vendor specific application server.

b) Some client applications/services send user credentials and some do not; how to design security in terms of authentication, authorization and access control that handles both the cases.

c) How to implement security specific to webservices which MUST be common to SOAP and simple HTTP requests.

I am new to security and webservices. I did some homework and came across digital certificates in case of authorization and filters for common security for SOAP and simple HTTP/REST like requests.
But I do not have enough information to have a head start in terms of technologies, design and implementation.

Thus any pointers related to my problem domain in terms of security patterns/web site urls/books/technologies/examples would be HIGHLY appreciated.

Thank you in advance for your valuable time and interest.
 