294

Security Scenarios

Application

Client

Web Service Endpoint

Web Service 

Connector

Endpoint

Web Container

Web Service Endpoint

Connector

EIS System

Enterprise bean

Entity bean

EJB Container

Database

Figure 7.1

Anatomy of a Web Service Interaction

E

However, designing a secure Web service involves more than just securing the 

initial interaction between the client and the service. For a truly secure service, 

you must also consider the security needs of the Web service endpoint's sub 

sequent interactions with other J2EE components, resources, and so forth, that 

it undertakes to process the request. 

Most client requests to a service require the service to access a series of com 

ponents to fulfill the request and each call might have its own, unique security

requirement. This results in a chain of calls to various components, some of which

might be within the initiating component's security domain and others of which

are outside that security domain. With such a chain of component calls, each

cooperating component in the chain must be able to negotiate its security require 

ments. In addition, components along the chain might use different security proto 

cols. In short, security needs to flow from a client to a called component, then to

other components and resources, while passing through different security policy

domains. 

A J2EE application must be able to integrate its own security requirements

and mechanisms with those of different components and systems. For example, a

client might make a request to a Web service. The client call is to an endpoint,

which in turn might call other Web services, make IIOP calls, access resources,

and access local components. Each component other Web services, local and