Win a copy of Five Lines of Code this week in the OO, Patterns, UML and Refactoring forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Bear Bibeault
  • Ron McLeod
  • Jeanne Boyarsky
  • Paul Clapham
Sheriffs:
  • Tim Cooke
  • Liutauras Vilda
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • fred rosenberger
  • salvin francis
Bartenders:
  • Piet Souris
  • Frits Walraven
  • Carey Brown

authentication is needed for access control

 
Ranch Foreman
Posts: 1922
13
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
In EPractice lab, a question

"EPractice Labs order management business logic is implemented in EJB components and running in www123testlab.com server. The license server located in www.epracticelabs.com access these components via RMI with container-managed security. Customer role can access processLicense method and admin role can access delete/update business method. The technical team wants to use these business services in PHP and ASP web applications."
Which container-managed web service security mechanism would the technical team use to allow PHP and ASP web service clients to use the current security model?"
Select one:
A. annotations mapped to JAX-WS runtime
B. HTTP basic authentication
C. XML digital signature
D. XKMS.
The given answer is A. EPractice Lab explains " annotations play a critical role in JAX-WS. First, annotations are used in mapping Java to WSDL and schema. Second, annotations are used a runtime to control how to the JAX-WS runtime processes and responds to web service invocations."



I think the answer should be A and B.

I think the service should annotated the methods with @RolesAllowed like this :

In sun-ejb-jar.xml, basic authentication can be specified:


The reason why we still need this sun-ejb-jar.xml file to specify authentication method because the web container should authenticate the users first before the EJB container authorizes the users (eg authorizes John Smith who is a customer to access the processLicense() method.)
 
I RELEASE YOU! (for now .... ) Feel free to peruse this tiny ad:
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop
https://coderanch.com/wiki/718759/books/Building-World-Backyard-Paul-Wheaton
    Bookmark Topic Watch Topic
  • New Topic