tion. When a component's interactions with an external resource include sensitive
information, these sensitivities should be described in the description subelement
of the corresponding resource-ref. These elements make sensitive information
available when security requirements are set at deployment.
7.3 Security for Web Service Interactions
Developers that rely on JAX-RPC to exchange messages between Web service endpoints
and clients leverage the security services provided by the J2EE platform. The
J2EE platform supports the WS-I Basic Profile 1.0 specifications for secure
interoperable Web service interactions. WS-I security compliance requires HTTPS and
single-hop security for a request and reply between a client and service. The Basic
Profile requires that the transport layer of HTTPS be combined with additional
mechanisms for basic and mutual authentication.
The J2EE platform provides Web tier and EJB tier endpoints with similar
security mechanisms for Web services. Most J2EE developers should already be
familiar with its security mechanisms, since the platform already provides
transport layer security and authentication support for non-Web service interactions
involving browsers and Web pages.
With Web service interactions, both the request and the reply may have security
requirements. In addition, Web service endpoints must interact securely with
other components and resources when processing requests. Developers may also
leverage other J2EE platform security mechanisms, such as authorization, to
design and build secure Web services.
7.3.1 Endpoint Programming Model
Let's first look at the endpoint programming model and see how to design and
implement a secure Web service interaction on the J2EE platform, that is, how to
authenticate and establish a secure HTTPS channel. As with any J2EE component,
you can use declarative mechanisms to define the security for a Web service
endpoint. Similarly, you may include programmatic security mechanisms in your Web
service endpoints, and your service endpoint can leverage the platform's declarative
mechanisms.
The key requirements for a secure Web service interaction are authentication
and establishing a secure SSL channel for the interaction. Let's first examine how
to secure the transport layer, and then we'll look at the available authentication
mechanisms.
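
The declarative approach described above, shown as an added example that is not from the original text: a web.xml deployment descriptor for a Web tier JAX-RPC endpoint that requires an HTTPS channel and HTTP basic authentication. The servlet name, class, URL pattern, role name and realm name are hypothetical.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
                             http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
         version="2.4">

  <!-- Hypothetical JAX-RPC service endpoint deployed in the Web tier -->
  <servlet>
    <servlet-name>OrderService</servlet-name>
    <servlet-class>com.example.orders.OrderServiceImpl</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>OrderService</servlet-name>
    <url-pattern>/orders</url-pattern>
  </servlet-mapping>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>OrderService endpoint</web-resource-name>
      <url-pattern>/orders</url-pattern>
      <!-- No http-method elements: the constraint then covers every method.
           Listing only POST would leave the other methods unconstrained. -->
    </web-resource-collection>
    <!-- Authentication: only callers in this role may invoke the endpoint -->
    <auth-constraint>
      <role-name>serviceClient</role-name>
    </auth-constraint>
    <!-- Transport: CONFIDENTIAL makes the container require HTTPS.
         NONE here would let basic-auth credentials travel over plain HTTP. -->
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- BASIC = HTTP basic authentication; CLIENT-CERT selects mutual
       (certificate) authentication over HTTPS -->
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>orders-realm</realm-name>
  </login-config>

  <security-role>
    <role-name>serviceClient</role-name>
  </security-role>
</web-app>
```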