• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

authentication is needed for access control

 
Himai Minh
Ranch Hand
Posts: 1329
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
In EPractice lab, a question
"EPractice Labs order management business logic is implemented in EJB components and running in www123testlab.com server. The license server located in www.epracticelabs.com access these components via RMI with container-managed security. Customer role can access processLicense method and admin role can access delete/update business method. The technical team wants to use these business services in PHP and ASP web applications."
Which container-managed web service security mechanism would the technical team use to allow PHP and ASP web service clients to use the current security model?"
Select one:
A. annotations mapped to JAX-WS runtime
B. HTTP basic authentication
C. XML digital signature
D. XKMS.
The given answer is A. EPractice Lab explains " annotations play a critical role in JAX-WS. First, annotations are used in mapping Java to WSDL and schema. Second, annotations are used a runtime to control how to the JAX-WS runtime processes and responds to web service invocations."


I think the answer should be A and B.

I think the service should annotated the methods with @RolesAllowed like this :

In sun-ejb-jar.xml, basic authentication can be specified:


The reason why we still need this sun-ejb-jar.xml file to specify authentication method because the web container should authenticate the users first before the EJB container authorizes the users (eg authorizes John Smith who is a customer to access the processLicense() method.)
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic