How can I secure a web service?

 
Ranch Hand
Posts: 37
Hi everyone!

I am new to web services. I have developed a small web service using JAX-WS and I want clients of this web service to send a user name and password in each SOAP message they send to my service. How can I do that with HTTPS and basic authentication? Is it the same as securing any web page, or does it require any additional stuff that I should know about?

Thank you

I developed a small web service and I want the clients of this web service to send user name and password each time they access my web service. I'm not looking to encrypt the call (maybe in the future I will).

Here is an example of my web service...


I have a test client that accesses the web service, and effectively I get the following error: "The server sent HTTP status code 401: Unauthorized".

Here is my client code...


I've been reading on the web about securing web services in JBoss, and I'm confused as to what I must do. I keep seeing that I need to add some stuff to web.xml; other sites I read mention jboss-web.xml. Where are these files located, and what do I have to add to these files? Also, what do I need to do on the client side to access my secure web service?

My web service is running on JBoss 4.3.0.

Thanks!
 
author
Posts: 5856
Go to the JBoss in Action web site (link below) and grab the free chapter 9. That has everything you need to know about configuring web services. Even though the book is specific to AS 5.x, AS 4.x uses the same web services code (the versions are different but the configuration is the same). There is a whole section on securing web services.
 
Steve Vittoria
Ranch Hand
Posts: 37
Hi Peter, thanks for the reply.

I have read that chapter but I'm still confused as to what I need to do to secure my EJB web service. As I mentioned earlier, I've gotten to the point where my web service is secure (thanks to the info I got in the JBoss in Action book), I even secured the WSDL file using the following lines of code...



So now even when I try to view the WSDL file, I get prompted for a user name and password. My question is, where do I assign this user name and password in JBoss? Reading on the web I keep seeing various articles mention xml files such as web.xml, jbossws.xml and ejb-jar.xml. Do I add the user name and password to one of these files? Keep in mind my web service is an EJB and not a web application so I don't have a web.xml or jbossws.xml, so where do I add the user name and password?
 
Peter Johnson
author
Posts: 5856

Steve wrote: My question is, where do I assign this user name and password in JBoss?


JBoss in Action, pg 252, Securing the EJB Web Service wrote: Finally, the value element of the @SecurityDomain annotation identifies the name of the login module used (3).


The login module determines where and how the username and password are specified within JBoss AS. The example in the book uses properties files in server/xxx/conf/props. So what is the definition of PatientDemoWS in login-config.xml?
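
A sketch of what such a definition can look like, added here as an example and not taken from the thread or the book. It assumes the stock UsersRolesLoginModule backed by properties files; the file names, user name, and role name are constructed.

```xml
<!-- server/xxx/conf/login-config.xml: add inside the existing <policy> element.
     The policy name is the security domain that @SecurityDomain refers to. -->
<application-policy name="PatientDemoWS">
  <authentication>
    <!-- Assumption: the properties-file login module shipped with JBoss AS -->
    <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                  flag="required">
      <!-- Resolved as classpath resources; server/xxx/conf is on the classpath -->
      <module-option name="usersProperties">props/patientdemo-users.properties</module-option>
      <module-option name="rolesProperties">props/patientdemo-roles.properties</module-option>
    </login-module>
  </authentication>
</application-policy>

<!-- server/xxx/conf/props/patientdemo-users.properties (constructed)
     format: username=password
       wsclient=CHANGE_ME

     server/xxx/conf/props/patientdemo-roles.properties (constructed)
     format: username=role[,role...]
       wsclient=PatientDemoRole

     The role must be one the service permits (for an EJB, for example
     through @RolesAllowed on the bean). -->
```

The users file holds the password in clear text unless the module's hashAlgorithm option is set, and Basic authentication only base64-encodes the credentials, so they are readable on the wire without HTTPS.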
 
Steve Vittoria
Ranch Hand
Posts: 37
Thanks for all your help Peter, I finally got it working!
 