Chapter 7 Security
337
Web Service
Endpoint
Handler
SAAJ
Security Library
SOAP Message
Figure 7.7
Implementing Message Level Security
You may want to combine message level security with other J2EE declarative
and programmatic security mechanisms. For example, you may want to use
HTTPS as the transport protocol even though the document is signed by a
message level mechanism. If you choose to use any of the J2EE declarative or
programmatic security mechanisms along with JAX RPC handlers, keep in mind
the order in which the security constraints are enforced:
1. The container applies the declarative security mechanisms first.
2. The handlers run and apply their checks.
3. J2EE programmatic security mechanisms run after the handler checks.
You can also combine security mechanisms by adding some secure message
level functionality to an existing transport level security solution. For example, if
you have an existing Web service that uses SSL, you may want to add message
level integrity or confidentiality. Adding this security at the message level ensures
that integrity or confidentiality persist beyond the transport layer.
7.5
Conclusion
This chapter explained the J2EE platform security model as it applies to Web
service endpoints and showed how to use the platform security model in different
footer
Our web partners:
Inexpensive
Web Hosting
Java Web Hosting
personal webspace
webspace php
linux webhost
html web templates
DreamweaverQuality Web Templates
PSD Web Templates
cheap webhost
j2ee web Hosting
buy webspace
ftp webspace
adult webspace
frontpage WebHosting
webspace hosting
cheap webhost
Visionwebhosting.net Business web hosting division of Vision Web Hosting Inc.. All rights reserved
aol web hosting