308
Security for Web Service Interactions
tion. When a component's interactions with an external resource include sensitive
information, these sensitivities should be described in the 
description
 subele 
ment of the corresponding 
resource ref
. These elements make sensitive informa 
tion available when security requirements are set at deployment. 
7.3
Security for Web Service Interactions
Developers that rely on JAX RPC to exchange messages between Web service end 
points and clients leverage the security services provided by the J2EE platform. The
J2EE platform supports the WS I Basic Profile 1.0 specifications for secure interop 
erable Web service interactions. WS I security compliance requires HTTPS and
single hop security for a request and reply between a client and service. The Basic
Profile requires that the transport layer of HTTPS be combined with additional
mechanisms for basic and mutual authentication. 
The J2EE platform provides Web tier and EJB tier endpoints with similar
security mechanisms for Web services. Most J2EE developers should already be
familiar with its security mechanisms, since the platform already provides trans 
port layer security and authentication support for non Web service interactions
involving browsers and Web pages. 
With Web service interactions, both the request and the reply may have secu 
rity requirements. In addition, Web service endpoints must interact securely with
other components and resources when processing requests. Developers may also
leverage other J2EE platform security mechanisms, such as authorization, to
design and build secure Web services.
7.3.1 Endpoint Programming Model
Let's first look at the endpoint programming model and see how to design and
implement a secure Web service interaction on the J2EE platform, that is, how to
authenticate and establish a secure HTTPS channel. As with any J2EE component,
you can use declarative mechanisms to define the security for a Web service end 
point. Similarly, you may include programmatic security mechanisms in your Web
service endpoints, and your service endpoint can leverage the platform's declarative
mechanisms.
The key requirements for a secure Web service interaction are authentication
and establishing a secure SSL channel for the interaction. Let's first examine how
to secure the transport layer, and then we'll look at the available authentication
mechanisms.






footer




 

 

 

 

 Home | About Us | Network | Services | Support | FAQ | Control Panel | Order Online | Sitemap | Contact

 

Our web partners: Inexpensive Web Hosting Java Web Hosting personal webspace webspace php  linux webhost

 html web templates DreamweaverQuality Web Templates PSD Web Templates

cheap webhost j2ee web Hosting buy webspace ftp webspace adult webspace

frontpage WebHosting webspace hosting cheap webhost

Visionwebhosting.net Business web hosting division of Vision Web Hosting Inc.. All rights reserved

aol web hosting