Security for Web Service Interactions
For a Web service with an EJB endpoint, you use the application server-specific
mechanisms to require basic authentication. Often, each application
server's deployment descriptor includes an element for authentication for an EJB
service endpoint that is analogous to the web.xml auth-method element.
A Web service may also require hybrid authentication, which is when a client
authenticates with basic authentication and SSL is the transport. The client
authenticates with a username and password, the server authenticates with its
digital certificate, and all of this occurs over an HTTPS connection. Hybrid
authentication compensates for HTTP basic authentication's inability to protect
passwords for confidentiality. This vulnerability can be overcome by running the
authentication protocols over an SSL-protected session, essentially creating a
hybrid authentication mechanism. The SSL-protected session ensures
confidentiality for all message content, including the client authenticators,
such as username and password.
Enabling hybrid authentication for a Web service endpoint generally requires
two operations (both previously discussed): setting the transport to use the
confidentiality mechanism of HTTPS and setting the authentication of the client
to use basic authentication. For EJB endpoints, you use application
server-specific mechanisms. For Web endpoints, you set deployment descriptor
elements. Code Example 7.4 demonstrates how to configure hybrid authentication
by combining the deployment descriptor choices for basic authentication and
confidential transport.
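<security-constraint>
  ...
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
...
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>some_realm_name</realm-name>
</login-config>
...
Code Example 7.4 Requiring SSL Hybrid Authentication for Web Tier Endpoints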
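A deployment review can check that the two settings in Code Example 7.4 really appear together. The following script is an added example, not code from the book: it audits a web.xml and reports every authenticated security-constraint that would let BASIC credentials travel without a CONFIDENTIAL transport guarantee. The sample descriptors, the /orders/* pattern and the customer role are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def local(tag):
    # Drop any XML namespace so namespaced (J2EE 1.4) and plain descriptors match.
    return tag.rsplit("}", 1)[-1]

def find(elem, name):
    return [e for e in elem.iter() if local(e.tag) == name]

def text(elem, name):
    hits = find(elem, name)
    return (hits[0].text or "").strip() if hits else None

def audit_web_xml(xml_text):
    """Return (url_patterns, transport_guarantee) for each authenticated
    constraint that lets BASIC credentials travel without CONFIDENTIAL."""
    root = ET.fromstring(xml_text)
    if text(root, "auth-method") != "BASIC":
        return []  # only HTTP basic authentication is checked here
    findings = []
    for sc in find(root, "security-constraint"):
        if not find(sc, "auth-constraint"):
            continue  # no authentication required, so no password is sent
        guarantee = text(sc, "transport-guarantee") or "NONE"  # absent means NONE
        if guarantee != "CONFIDENTIAL":
            patterns = [(p.text or "").strip() for p in find(sc, "url-pattern")]
            findings.append((patterns, guarantee))
    return findings

# Constructed sample descriptors (not from the book).
CONSTRAINT = """<security-constraint>
  <web-resource-collection>
    <web-resource-name>orders</web-resource-name>
    <url-pattern>/orders/*</url-pattern>
  </web-resource-collection>
  <auth-constraint><role-name>customer</role-name></auth-constraint>
  %s
</security-constraint>"""
LOGIN = ("<login-config><auth-method>BASIC</auth-method>"
         "<realm-name>some_realm_name</realm-name></login-config>")
SSL = ("<user-data-constraint><transport-guarantee>CONFIDENTIAL"
       "</transport-guarantee></user-data-constraint>")
BASIC_ONLY = "<web-app>" + CONSTRAINT % "" + LOGIN + "</web-app>"
HYBRID = "<web-app>" + CONSTRAINT % SSL + LOGIN + "</web-app>"

if __name__ == "__main__":
    print("basic only:", audit_web_xml(BASIC_ONLY))
    print("hybrid:", audit_web_xml(HYBRID))
```

An empty result for a descriptor that uses BASIC means every authenticated constraint also requires the confidential transport, which is the hybrid configuration described above.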





