Chapter 7 Security
311
7.3.1.2
Specifying Mutual Authentication
You can also specify HTTPS with mutual authentication for a Web service endpoint.
For Web tier endpoints, you first specify a secure transport (see the previous section)
and then, in the same deployment descriptor, set the
auth method
element to
CLIENT CERT
. (See Code Example 7.2.)
CLIENT CERT
Code Example 7.2
Requiring Mutual Authentication for Web Tier Endpoints
The combination of the two settings
CONFIDENTIAL
for
transport
guarantee
(see Code Example 7.1
)
and
CLIENT CERT
for
auth method
enables
mutual authentication. When set to these values, the containers for the client and
the target service both provide digital certificates sufficient to authenticate each
other. (These digital certificates contain client specific identifying information.)
Specifying mutual authentication for EJB service endpoints is specific to each
application server. Usually it is done in a similar manner to specifying mutual
authentication for Web tier endpoints.
7.3.1.3
Specifying Basic and Hybrid Authentication
With basic authentication, a Web service endpoint requires a client to authenticate
itself with a username and password. The type of the Web service endpoint deter
mines how to specify requiring basic authentication for the service. For a Web tier
(JAX RPC) service endpoint, set the
auth method
element to
BASIC
for the login
configuration (
login config
) element in the
web.xml
deployment descriptor, as
shown in Code Example 7.3:
BASIC
some_realm_name
Code Example 7.3
Requiring Basic Authentication for Web Tier Endpoints
footer
Our web partners:
Inexpensive
Web Hosting
Java Web Hosting
personal webspace
webspace php
linux webhost
html web templates
DreamweaverQuality Web Templates
PSD Web Templates
cheap webhost
j2ee web Hosting
buy webspace
ftp webspace
adult webspace
frontpage WebHosting
webspace hosting
cheap webhost
Visionwebhosting.net Business web hosting division of Vision Web Hosting Inc.. All rights reserved
aol web hosting