310
Security for Web Service Interactions
not exist, the J2EE platform does not require one. Certificates must be handled in
a manner appropriate to the specific operational environment of the application.
A Web service can be implemented and deployed in either the Web tier or EJB
tier. The security mechanisms are the same at the conceptual level but differ in the
details. The endpoint type determines the mechanism for declaring that a Web
service endpoint requires SSL. For a Web tier endpoint (a JAX RPC service end
point), you indicate you are using SSL by setting to
CONFIDENTIAL
the
transport
guarantee
subelement of a
security constraint
element in the
web.xml
deploy
ment descriptor. This setting enforces an SSL interaction with a Web service end
point. (See Code Example 7.1.)
...
orderService
/mywebservice
POST
GET
CONFIDENTIAL
Code Example 7.1
Requiring SSL for Web Tier Endpoints
Setting up SSL for EJB tier endpoints varies according to the particular appli
cation server. Generally, for EJB endpoints a developer uses a
description
sub
element of the target EJB component to indicate that the component requires SSL
when deployed. Although EJB endpoints are required to support SSL and mutual
authentication, the specifications have not defined a standard, portable mechanism
for enabling this. As a result, you must follow application server specific mecha
nisms to indicate that an EJB endpoint requires SSL. Often, these are application
server specific deployment descriptor elements for EJB endpoints that are similar
to the
web.xml
elements for Web tier endpoints.
footer
Our web partners:
Inexpensive
Web Hosting
Java Web Hosting
personal webspace
webspace php
linux webhost
html web templates
DreamweaverQuality Web Templates
PSD Web Templates
cheap webhost
j2ee web Hosting
buy webspace
ftp webspace
adult webspace
frontpage WebHosting
webspace hosting
cheap webhost
Visionwebhosting.net Business web hosting division of Vision Web Hosting Inc.. All rights reserved
aol web hosting