Chapter 7 Security
needs to those of Web-based enterprise applications (such as browser-based
applications accessing Web sites). Typically, Web site and Web service application use
cases involve access to services through the Internet or an intranet, allow users to
access certain sets of resources but not others, and allow users to perform some set
of actions. In addition, users might require access to other resources, such as a
database, and they might need to interact with other applications.
Some of the security needs of Web site applications and Web services are very
similar. For example, a Web site application must authenticate its users, and a Web
service application must authenticate its clients. However, Web services
applications have additional security needs, because their use cases are typically
application-to-application rather than user-to-application and because their
communication interaction uses new technologies. Later in this chapter we
examine security issues specific to Web services, plus we look at the specific
details for implementing Web services-specific security mechanisms.
Let's first look at some typical Web services scenarios and examine the secure
interactions between clients and services. Not only do we look at security issues
relevant to client and service interactions, we also examine how service endpoints
interact in a secure manner with resources and components of an enterprise to
process requests. Before doing so, however, we examine basic security
requirements.
7.1.1 General Security Requirements
Although varying greatly in implementation and functionality, J2EE Web services
scenarios have common security requirements. They require certain security
constraints for message exchange interactions and data passing between a client and a
service. In addition to securing service and client interactions, Web service
endpoints must be able to securely access other J2EE components (such as entity beans)
and external resources (such as databases and enterprise information systems) to
process client requests. While processing a client request, service endpoints may
also need to interact with other Web services, and this, too, must be done in a secure
manner.
Figure 7.1 shows a Web service interaction in which a client request to the
service causes the service endpoint to interact with other components, resources,
and systems. It illustrates that a Web service request can take many paths and
result in interactions with different containers, components, and resources,
including other Web services. Requests to a Web service start with a client sending a
message to a Web service endpoint running in a Web or EJB container.