Chapter 7 Security
335
1. You can make the security code and any supporting framework for message-
level security part of your application by placing it in the application's
.ear file. Although this is the portable approach, it may require more work. You
should consider this approach if your situation necessitates it.
2. You can use application server-specific extensions that explicitly provide
message-level security. This is the preferred approach. Since vendors try to make
new features available before standards are finalized, some application servers
may offer nonstandard extensions that integrate some message-level security
capabilities. Eventually these specifications may become part of the standard
J2EE platform, but they may differ from the implementations offered by these
early adopters. Although it may not be portable, it is the easier approach and
more likely to provide the intended security.
Some of these technologies are more mature than others. For example, the
Java Web Services Developer Pack (Java WSDP) toolkit has already incorporated
some of the digital signature standards. Java WSDP is an integrated toolkit from
Sun Microsystems that allows Java developers to build and test XML
applications, Web services, and Web applications using the latest Web service
technologies and standards implementations. The Java WSDP toolkit is available at
http://java.sun.com/webservices/. In addition, some Apache Foundation
projects include implementations of emerging message-level security capabilities.
Let's look at how you might implement a portable strategy to incorporate
message-level security into your J2EE application. Note that while this is
possible, it is not a task for every application developer since it is usually quite
difficult to write truly secure code. You should attempt this only if you feel
comfortable handling security code, since it involves writing a framework for
security. However, it may be a useful strategy if you need to use message-level
security today and cannot wait for it to be incorporated into the J2EE platform.
Suppose you want to add a digital signature to a message involved in a single
exchange between two participants. First, try to leverage existing J2EE
technologies and mechanisms. For example, because JAX-RPC is the primary message
exchange technology for Web service interactions, try to plug in your security
code to the SOAP messages that JAX-RPC exchanges. This may enable your Web
services with message-level security. You can then leverage the JAX-RPC built-in
mechanisms to manipulate the XML messages being exchanged.
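As an added illustration (not code from the book or from any J2EE product), the sketch below plugs signing code into outgoing SOAP requests with a client-side JAX-RPC handler and the Java XML Digital Signature API. It assumes a SAAJ 1.2 or later implementation whose message nodes are DOM nodes; the class name SigningHandler and the handler-config keys "keystore", "storepass" and "alias" are hypothetical.

```java
import java.io.FileInputStream;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.keyinfo.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.namespace.QName;
import javax.xml.rpc.JAXRPCException;
import javax.xml.rpc.handler.*;
import javax.xml.rpc.handler.soap.SOAPMessageContext;
import javax.xml.soap.*;

// Client-side handler: adds an enveloped XML Signature to every outgoing request.
public class SigningHandler extends GenericHandler {
    private PrivateKey key;
    private X509Certificate cert;
    public QName[] getHeaders() { return new QName[0]; }
    // "keystore", "storepass" and "alias" are assumed config entries, not standard names.
    public void init(HandlerInfo info) {
        try {
            Map cfg = info.getHandlerConfig();
            char[] pass = ((String) cfg.get("storepass")).toCharArray();
            KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
            try (FileInputStream in = new FileInputStream((String) cfg.get("keystore"))) { ks.load(in, pass); }
            key = (PrivateKey) ks.getKey((String) cfg.get("alias"), pass);
            cert = (X509Certificate) ks.getCertificate((String) cfg.get("alias"));
        } catch (Exception e) { throw new JAXRPCException("cannot load signing key", e); }
    }
    public boolean handleRequest(MessageContext ctx) {
        try {
            SOAPMessage msg = ((SOAPMessageContext) ctx).getMessage();
            SOAPEnvelope env = msg.getSOAPPart().getEnvelope();
            SOAPHeader header = env.getHeader() != null ? env.getHeader() : env.addHeader();
            XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
            // URI "" plus the enveloped transform covers the whole envelope except the signature.
            List<Transform> xform = Collections.singletonList(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null));
            Reference ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA256, null), xform, null, null);
            SignedInfo si = fac.newSignedInfo(
                fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null),
                fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null), Collections.singletonList(ref));
            KeyInfoFactory kif = fac.getKeyInfoFactory();
            KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kif.newX509Data(Collections.singletonList(cert))));
            fac.newXMLSignature(si, ki).sign(new DOMSignContext(key, header)); // appends ds:Signature to the SOAP header
            msg.saveChanges();
            return true;
        } catch (Exception e) { throw new JAXRPCException("request signing failed", e); }
    }
}
```

The receiving side needs a matching handler that validates the signature and checks the signer's certificate against its own trust store, because a certificate carried in KeyInfo proves nothing by itself. Any header added or changed after signing invalidates an enveloped signature, which fits the single exchange between two participants described above.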
Recall from Chapter 2 that JAX-RPC has handlers that provide a mechanism
to intercept a SOAP message at various points during processing of request and