I am going to ask several things in this post. Be patient at my ignorance.
I am bit confused as to what the right approach is, what components to use when securing web services in tomcat 6. Any suggestions you can provide is greatly appreciated. Currently I have a web service running in tomcat6 (SOAP, HTTP). I want to secure this web service.
From documentation it appears tomcat6 supports JAXWS. I packaged by web service with JAXWS jar files. Apart from this I do not see any JAXWS specific jar files in the apache-tomcat directories. So how is this web service running in tomcat? Does JAXWS use the servlet mechanism to support web services when using JAXWS?
I know if I use axis I have to first put axis jar files in tomcat libraries. If I develop a web service using axis and deploy into tomcat, will it run in the context of axis web application. Is that a true statement?
Coming to Securing the web service, if I want to secure a Web Service developed using JAXWS, using WS-Security standard, what are the things I need to do? Do I have to put axis or CXF or Metro in tomcat to secure my web service? Can I do that without any of them but use simply JAXWS? If I put axis in tomcat, can I secure the web seervice that I developed using JAXWS initially? would it clash with axis?