310
Security for Web Service Interactions
not exist, the J2EE platform does not require one. Certificates must be handled in
a manner appropriate to the specific operational environment of the application.
A Web service can be implemented and deployed in either the Web tier or EJB
tier. The security mechanisms are the same at the conceptual level but differ in the
details. The endpoint type determines the mechanism for declaring that a Web
service endpoint requires SSL. For a Web tier endpoint (a JAX RPC service end 
point), you indicate you are using SSL by setting to 
CONFIDENTIAL
 the 
transport 
guarantee
 subelement of a 
security constraint
 element in the 
web.xml
 deploy 
ment descriptor. This setting enforces an SSL interaction with a Web service end 
point. (See Code Example 7.1.)
...
orderService
/mywebservice
POST
GET
CONFIDENTIAL
Code Example 7.1
Requiring SSL for Web Tier Endpoints
Setting up SSL for EJB tier endpoints varies according to the particular appli 
cation server. Generally, for EJB endpoints a developer uses a 
description
 sub 
element of the target EJB component to indicate that the component requires SSL
when deployed. Although EJB endpoints are required to support SSL and mutual
authentication, the specifications have not defined a standard, portable mechanism
for enabling this. As a result, you must follow application server specific mecha 
nisms to indicate that an EJB endpoint requires SSL. Often, these are application
server specific deployment descriptor elements for EJB endpoints that are similar
to the 
web.xml 
elements for Web tier endpoints.






footer




 

 

 

 

 Home | About Us | Network | Services | Support | FAQ | Control Panel | Order Online | Sitemap | Contact

 

Our web partners: Inexpensive Web Hosting Java Web Hosting personal webspace webspace php  linux webhost

 html web templates DreamweaverQuality Web Templates PSD Web Templates

cheap webhost j2ee web Hosting buy webspace ftp webspace adult webspace

frontpage WebHosting webspace hosting cheap webhost

Visionwebhosting.net Business web hosting division of Vision Web Hosting Inc.. All rights reserved

aol web hosting