322
Security for Web Service Interactions
7.3.4.1
Controlling Access to Web Tier Endpoints
To control access to a Web component such as a Web service endpoint, the Web
deployment descriptor specifies a 
security constraint
 element with an 
auth 
constraint
 subelement. Code Example 7.10 illustrates the definition of a protected
resource in a Web component deployment descriptor. The descriptor specifies that
only clients acting in the role of 
customer
 can access the URL 
/mywebservice
. Note
that this URL maps to all the methods in the service endpoint interface. Hence, all
methods have the same access control.
....
orderService
/mywebservice
POST
GET
customer
...
...choose either basic or client(for mutual authentication)
customer
Code Example 7.10
Web Resource Authorization Configuration
In addition to controlling access to Web components, an application can
provide unrestricted access to unprotected resources, such as a Web service end 
point, by omitting an authentication rule. Omitting authentication rules allows
unauthenticated users to access Web components. 






footer




 

 

 

 

 Home | About Us | Network | Services | Support | FAQ | Control Panel | Order Online | Sitemap | Contact

 

Our web partners: Inexpensive Web Hosting Java Web Hosting personal webspace webspace php  linux webhost

 html web templates DreamweaverQuality Web Templates PSD Web Templates

cheap webhost j2ee web Hosting buy webspace ftp webspace adult webspace

frontpage WebHosting webspace hosting cheap webhost

Visionwebhosting.net Business web hosting division of Vision Web Hosting Inc.. All rights reserved

aol web hosting