
SOAP Webservices Security

 
Vaibhav Gargs
Ranch Hand
Posts: 44
We are developing SOAP web services and, as per the requirement, we have to implement security in the web services.

Can you please suggest some tutorials on implementing security? Also, please share your experiences, if any, on which is the best way to implement security.
 
Tim Moores
Saloon Keeper
Posts: 3259
The standard for WS security is named "WS-Security", and all major SOAP stacks support it. Since the details differ between stacks, you should consult the documentation of whichever one you're using. It probably has examples as well.

You should also think beforehand about what "implementing security" means for your WS.
 
Vaibhav Gargs
Ranch Hand
Posts: 44
Thanks, Tim, for your valuable input. We are planning to use Apache Axis2 for implementing the web service. Can you please suggest a good tutorial on implementing security using Axis2?

Also, will it be fine if we just add SSL certificates to our web services? Will that suffice for security?
 
Tim Moores
Saloon Keeper
Posts: 3259
For Axis2 you need the Rampart module, which you'll find somewhere close to the Axis2 download. The Axis2 web site had tons of documentation and example code.

If you're planning to use WS-Security, then encryption is already taken care of, so SSL would not generally be needed.

As I said, only you can say what constitutes "sufficient security". You'll need to do a risk analysis to see what possible attack vectors are, and how best to defend against those attacks.
 