Security for Web Service Interactions
7.3.4 Handling Authorization
Web service endpoints can restrict access to resources using the same declarative
authorization mechanisms available to other J2EE components. From a security
point of view, this capability facilitates integrating Web services with J2EE
applications since the standard J2EE authorization mechanisms can be leveraged. When a
Web service is called and the calling client has been authenticated and its identity
established, the container has the capability to check that the calling principal is
authorized to access this service endpoint. A Web service is also free to leave its
resources unprotected so that anyone can access its service.
Furthermore, components and resources accessed by the Web service endpoint
may have their own access control policies, and these may differ from the
endpoint's policies. The service endpoint's interaction with other components and
resources is handled by the same mechanisms used by any J2EE component. That
is, the authorization mechanisms for Web service endpoints are the same as for
other components in the J2EE platform.
The tier on which your endpoint resides determines how you specify and configure
access control. In general, to enable access control you specify a role and
the resource you want protected. Components in both tiers specify a role in the
same manner, using the security-role element as shown in Code Example 7.8.
With Web tier endpoint components, access control entails specifying a URL
pattern that determines the set of restricted resources. For EJB tier endpoints, you
specify access control at the method level, and you can group together a set of
method names that you want protected. 
<security-role>
    <role-name>customer</role-name>
</security-role>

Code Example 7.8 Configuring a Role for an Authorization Constraint
What does this mean in terms of a Web service's access control considerations?
Your Web service access control policy may influence whether you implement
the service as a Web tier or an EJB tier endpoint. For Web tier components,
the granularity of security is specific to the resource and based on the URL for the
Web resource. For EJB tier components, security granularity is at the method
level, which is typically a finer grained level of control.
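The following fragments are an added illustration, not one of the book's code examples. They show the same customer role protecting a Web tier endpoint by URL pattern and an EJB tier endpoint by method. The URL pattern, resource name, bean name, and method names are assumptions chosen for the illustration.

```xml
<!-- Web tier endpoint: fragment of web.xml (names are hypothetical).
     The constraint covers every resource matching the URL pattern. -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>OrderTrackingService</web-resource-name>
        <url-pattern>/orders/*</url-pattern>
        <!-- No http-method elements are listed, so the constraint applies
             to all HTTP methods. Listing only some methods would leave
             the unlisted ones unconstrained for this pattern. -->
    </web-resource-collection>
    <auth-constraint>
        <role-name>customer</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>
</login-config>
<security-role>
    <role-name>customer</role-name>
</security-role>

<!-- EJB tier endpoint: fragment of ejb-jar.xml (names are hypothetical).
     Permission is granted per method, and several methods can be
     grouped under one role. -->
<assembly-descriptor>
    <security-role>
        <role-name>customer</role-name>
    </security-role>
    <method-permission>
        <role-name>customer</role-name>
        <method>
            <ejb-name>OrderTrackingBean</ejb-name>
            <method-intf>ServiceEndpoint</method-intf>
            <method-name>getOrderStatus</method-name>
        </method>
        <method>
            <ejb-name>OrderTrackingBean</ejb-name>
            <method-intf>ServiceEndpoint</method-intf>
            <method-name>cancelOrder</method-name>
        </method>
    </method-permission>
</assembly-descriptor>
```

In the Web tier fragment every operation reachable under /orders/* shares one policy, while the EJB tier fragment could assign getOrderStatus and cancelOrder to different roles.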





