I have a jax-ws
soap web service (implemented NOT like Session bean) generated in NetBeans from wsdl. Deployed on Glassfish 3.1.2. I want to secure access to it using mutual certificate authentication usig SSL and https. I have read a lot of articles and books. As I understood there are several variants:
use OpenSSL (unfortunately it fails during deployment, I can show stacktrace if needed);
use
http://www.ibm.com/developerworks/java/library/j-jws10/index.html [Jax-ws metro security]
I have the following questions:
What is the best and the most adequate method? May be you can advise me anything else?
Could you show me a good tutorial which includes every step (generating certificates, modifying source code, config Glassfish)?
And why web service security is considered different from simple web apps security?