Win a copy of 97 Things Every Java Programmer Should Know this week in the Java in General forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Paul Clapham
  • Jeanne Boyarsky
  • Junilu Lacar
  • Henry Wong
Sheriffs:
  • Ron McLeod
  • Devaka Cooray
  • Tim Cooke
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Frits Walraven
  • Tim Holloway
  • Carey Brown
Bartenders:
  • Piet Souris
  • salvin francis
  • fred rosenberger

authentication is needed for access control

 
Ranch Foreman
Posts: 1898
12
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
In EPractice lab, a question

"EPractice Labs order management business logic is implemented in EJB components and running in www123testlab.com server. The license server located in www.epracticelabs.com access these components via RMI with container-managed security. Customer role can access processLicense method and admin role can access delete/update business method. The technical team wants to use these business services in PHP and ASP web applications."
Which container-managed web service security mechanism would the technical team use to allow PHP and ASP web service clients to use the current security model?"
Select one:
A. annotations mapped to JAX-WS runtime
B. HTTP basic authentication
C. XML digital signature
D. XKMS.
The given answer is A. EPractice Lab explains " annotations play a critical role in JAX-WS. First, annotations are used in mapping Java to WSDL and schema. Second, annotations are used a runtime to control how to the JAX-WS runtime processes and responds to web service invocations."



I think the answer should be A and B.

I think the service should annotated the methods with @RolesAllowed like this :

In sun-ejb-jar.xml, basic authentication can be specified:


The reason why we still need this sun-ejb-jar.xml file to specify authentication method because the web container should authenticate the users first before the EJB container authorizes the users (eg authorizes John Smith who is a customer to access the processLicense() method.)
 
Catch Ernie! Catch the egg! And catch this tiny ad too:
Devious Experiments for a Truly Passive Greenhouse!
https://www.kickstarter.com/projects/paulwheaton/greenhouse-1
    Bookmark Topic Watch Topic
  • New Topic