Security for Web Service Interactions
grammatic JAX-RPC APIs to set the username and password properties on stubs
for J2EE components. Thus, J2EE application servers are not required to support
components programmatically setting these identifier values.
If the endpoint requires mutual authentication, the application server instance
environment is set at deployment with the proper certificates such that they are
available to the J2EE container. Since a client component's deployment descriptors
have no portable, cross-platform mechanism for setting these security artifacts,
they must be set using the particular application server's own mechanisms.
In other words, an enterprise bean or servlet component that interacts with a Web
service requiring mutual authentication must, at deployment, make the appropriate
digital certificates available to the component's host container. The client's
container can then use these certificates when the component actually places the
call to the service.
Once the environment is set, a J2EE component can make a secure call on a
service endpoint in the same way that it ordinarily calls a Web service: it looks
up the service using JNDI, sets any necessary parameters, and makes the call. (See
Chapter 5 for details.) The J2EE container not only manages the HTTPS transport,
it handles the authentication for the call using the digital certificate or the values
specified in the deployment descriptor.
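The call sequence described above, as an added example that is not code from the book: the component's code is the same as for an unsecured call, because credentials and certificates stay in the container's deployment-time configuration. The OrderTrackingPort interface, its method, and the service-ref name are hypothetical.

```java
import java.rmi.Remote;
import java.rmi.RemoteException;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.xml.rpc.Service;
import javax.xml.rpc.ServiceException;

// Hypothetical service endpoint interface; normally generated from the WSDL.
interface OrderTrackingPort extends Remote {
    String getOrderStatus(String orderId) throws RemoteException;
}

public class OrderStatusClient {
    // Hypothetical service-ref name declared in the component's
    // deployment descriptor and bound into its JNDI environment.
    private static final String SERVICE_REF =
            "java:comp/env/service/OrderTracking";

    public String fetchStatus(String orderId)
            throws NamingException, ServiceException, RemoteException {
        // 1. Look up the service through the component's JNDI environment.
        Service service = (Service) new InitialContext().lookup(SERVICE_REF);

        // 2. Obtain a port for the service endpoint interface.
        OrderTrackingPort port =
                (OrderTrackingPort) service.getPort(OrderTrackingPort.class);

        // Deliberately absent: no keystore or certificate handling, and no
        //   ((javax.xml.rpc.Stub) port)._setProperty(
        //           javax.xml.rpc.Stub.USERNAME_PROPERTY, ...);
        // A J2EE server is not required to honor such programmatic settings
        // in components, so portable code leaves the HTTPS transport and the
        // authentication to the container.

        // 3. Make the call; the container supplies the certificate or the
        //    values specified at deployment.
        return port.getOrderStatus(orderId);
    }
}
```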
7.3.3 Propagating Component Identity
Web service endpoints and other components can be clients of other Web services
and J2EE components. Any given endpoint may be in a chain of calls between
components and Web service endpoints. Also, non-Web service J2EE components can
make calls to Web services. Each call between components and endpoints may have
an identity associated with it, and this identity may need to be propagated.
There are two cases of identity propagation, differentiated by the target of the
call. Both cases start with a caller that is a J2EE component, including a
component that is a Web service endpoint. In the first case, the J2EE component or
endpoint calls a J2EE component that is not a Web service. In the second case, the
J2EE component or Web service makes JAX-RPC calls to a Web service.
7.3.3.1 Propagating Identity to Non-Web Service Components
All J2EE components have an invocation identity, established by the container, that
identifies them when they call other J2EE components. The container establishes
this invocation identity using either the run-as(role-name) or use-caller