Win a copy of Java Concurrency Live Lessons this week in the Threads forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Mking a webservice secure  RSS feed

 
sivaprasad pasupulathi
Ranch Hand
Posts: 36
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Hi,

I have a webservice running without any security authentication.Now i have to make the same WS to run under authenication.
Can any one point me to few examples,where i make the WS secure.(either HTTPS,WS..)

Thanks
SP
 
Ulf Dittmer
Rancher
Posts: 42970
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The modern day standard to secure WS is called WS-Security. It supports authentication, encryption and signature, and is available for all major SOAP stacks (like Metro, Axis2, CXF, etc.)
 
Leonardo Carreira
Ranch Hand
Posts: 494
Eclipse IDE Java Postgres Database
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Mr. Ulf..
How about while we use JAX-WS, could we implement WS-Security also?..
is there any link or book that specified for describe it?..

Thanks in advance..
 
Ulf Dittmer
Rancher
Posts: 42970
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yes, WS-Security works with JAX-WS. Both Metro and Axis2 (through its Rampart module) implement that, and both have examples and documentation readily available.
 
Leonardo Carreira
Ranch Hand
Posts: 494
Eclipse IDE Java Postgres Database
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
ok.. Thanks for your reply..

and then if i only use EJB3.0 exposed as WebService through JAX-WS, how to secure it?..
and then, whether learn or implement only EJB3.0 exposed as WebService through JAX-WS is enough for developing "Real WebService"?.. or do we still need any implementation again (such as Metro and Axis2)?..

Thanks..
 
Ulf Dittmer
Rancher
Posts: 42970
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Assuming that you have a full JEE 5 server, then it already includes JAX-WS, and will have means to secure that through WS-Sec. Unfortunately, there's no standard way to apply WS-Sec to JAX-WS (or any other WS); check the documentation of your server software.
 
Consider Paul's rocket mass heater.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!