Chapter 7 Security
Let's consider a Web service with an interface containing multiple methods,
such as the one shown in Code Example 7.9, where you want different access
policies for each method. For a service endpoint interface such as this, you might
want to permit the following: any client can browse the catalog of items available
for sale; only authorized customers (for example, those clients who have set up
accounts) can place orders; and only administrators can alter the catalog data. If
you implement the service with a Web tier endpoint, then each method has the
same protection because access control is the same for all methods that are bound
to the port at the endpoint's URL. To handle a service with an interface containing
multiple methods and different access policies, consider creating separate Web
services where each service handles a different set of authorization requirements.
You have more flexibility if you implement the same Web service that has an
interface containing multiple methods with an EJB endpoint. By using an EJB
endpoint, you can set different authorization requirements for each method. See
the next section, "Controlling Access to Web Tier Endpoints," and "Controlling
Access to EJB Tier Endpoints" on page 323.
public interface OrderingService extends java.rmi.Remote {
    // Browse the catalog: open to any client
    public Details getCatalogInfo(ItemType someItem)
        throws java.rmi.RemoteException;
    // Place an order: authorized customers only
    public Details submitOrder(purchaseOrder po)
        throws java.rmi.RemoteException;
    // Alter catalog data: administrators only
    public void updateCatalog(ItemType someItem)
        throws java.rmi.RemoteException;
}
Code Example 7.9  Interface Methods Requiring Different Access Control
Keep in mind, however, that both Web and EJB tier endpoints can use
programmatic APIs for finer-grained security. If you are willing to write code for
access control, then both types of endpoints can be designed to handle the same
security capabilities. However, embedding security code and using the
programmatic security APIs in a component is generally discouraged. A better
approach keeps the security policy externalized from the application code and uses
the declarative services with deployment descriptors.
If you require finer-grained control for your access control policy, consider
using an EJB endpoint, since it utilizes method-level control.
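The following ejb-jar.xml fragment is an added illustration, not part of the original text, of how the three access policies described for Code Example 7.9 could be declared per method for an EJB endpoint. The bean name OrderingServiceBean and the role names customer and administrator are assumptions chosen for this sketch.

```xml
<!-- Added example: ejb-jar.xml fragment (EJB 2.1 / J2EE 1.4).
     The ejb-name "OrderingServiceBean" and the role names "customer" and
     "administrator" are assumptions, not taken from the original text. -->
<assembly-descriptor>
  <security-role>
    <role-name>customer</role-name>
  </security-role>
  <security-role>
    <role-name>administrator</role-name>
  </security-role>

  <!-- Any client can browse the catalog: no authorization check -->
  <method-permission>
    <unchecked/>
    <method>
      <ejb-name>OrderingServiceBean</ejb-name>
      <method-intf>ServiceEndpoint</method-intf>
      <method-name>getCatalogInfo</method-name>
    </method>
  </method-permission>

  <!-- Only clients who have set up accounts can place orders -->
  <method-permission>
    <role-name>customer</role-name>
    <method>
      <ejb-name>OrderingServiceBean</ejb-name>
      <method-intf>ServiceEndpoint</method-intf>
      <method-name>submitOrder</method-name>
    </method>
  </method-permission>

  <!-- Only administrators can alter the catalog data -->
  <method-permission>
    <role-name>administrator</role-name>
    <method>
      <ejb-name>OrderingServiceBean</ejb-name>
      <method-intf>ServiceEndpoint</method-intf>
      <method-name>updateCatalog</method-name>
    </method>
  </method-permission>
</assembly-descriptor>
```

The role checks take effect only for callers the container has authenticated; how authentication is enabled for the endpoint is container-specific and is not shown here.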





