What is the best prctice for using security in JAX-WS

Posted by kislo_metal on Stack Overflow See other posts from Stack Overflow or by kislo_metal
Published on 2010-05-05T19:06:30Z Indexed on 2010/05/05 23:38 UTC
Read the original article Hit count: 268

Filed under:

jax-ws

|

ejb3

|

php

|

security

|

jaas

Here is scenario : I have some web services (JAX-WS) that need to be secured. Currently for authentication needs I providing addition SecurityWService that give authorized user some userid & sessionid that is need to be described in request to other services.

It would be more better to use some java security. We have many of them but could not defined what is better to use.

Q1 : It is understand that I should use SSL in transport layer, but what should I use for user authorization. Is there is better way to establishing session, validating user etc. ?

Here is some key description :

Most web services clents is php based.
I am using jax-ws implementation as a Stateless session EJB.
Deploying to glassfish v3.

Q2: what is the best framework / technology for user authorization / authentication in case of using JSF 2.0 and ejb3.1 technologies ( Realms? WSIT? )?

Thank You!

© Stack Overflow or respective owner

Related posts about jax-ws

jax-ws change Content-type to Content-Type because server is hyper sensitive

as seen on Stack Overflow - Search for 'Stack Overflow'
I have to connect to a poorly implemented server that only understands Content-Type(capital-T) and not Content-type. How can I ask my jax-ws client to send Content-Type? I've tried Map<String, List<String>> headers = (Map<String, List<String>>) ((BindingProvider)port).getRequestContext()… >>> More
Failed sending bytes array to JAX-WS web service on Axis

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi I have made a small example to show my problem. Here is my web-service: package service; import javax.jws.WebMethod; import javax.jws.WebService; @WebService public class BytesService { @WebMethod public String redirectString(String string){ return string+" - is what you sended"; } @WebMethod … >>> More
jax-ws on glassfish3 init method

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi all, I've created simple jax-ws (anotated Java 6 class to web service) service and deploied it on glassfish v3. The web.xml <?xml version="1.0" encoding="ISO-8859-1"?> <web-app> <servlet> <servlet-name>MyServiceName</servlet-name> <description>Blablabla</description> … >>> More
Can't get JAX-WS binding customization to work

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi! I'm trying to resolve a name clash in a wsdl2java mapping with CXF 2.2.6 The relevant wsdl snippets are: <types>... <xs:schema... <xs:element name="GetBPK"> <xs:complexType> <xs:sequence> <xs:element name="PersonInfo"… >>> More
cxf jaxws with spring on gwt 2.0

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, I'm trying to use an application which uses cxf-jaxws in bean definition: <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:jaxws="http://cxf.apache.org/jaxws" … >>> More

Related posts about ejb3

Error in Jboss 5- DEPLOYMENTS MISSING DEPENDENCIES

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi! I'm new to ejb3. I tried deploying a simple war file.. But, I'm getting the following error. Plz, help me... DEPLOYMENTS MISSING DEPENDENCIES: Deployment "jboss.j2ee:jar=EJB3-war.war,name=Statelessbean,service=EJB3_endpoint" is missing the following dependencies: Dependency "jboss… >>> More
logback with EJB3.1

as seen on Stack Overflow - Search for 'Stack Overflow'
I am using logback/slf4j to handle logging in my application. Everything was working perfectly until I started using EJBs. Once I added a stateless EJB to my app, the logger started ignoring my logback.xml and stopped using my appenders. I switched to a programmatic logger configuration to see what… >>> More
EJB3 Remote vs Webservices, performances?

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello I'm planning to a webapp where every guy using it would have a client that would run computations on its computer (because these computations can't be done on the server, too much load...), and then send results to the server. I guess there will be lot of people interested in my application… >>> More
Best current framework for unit testing EJB3 / JPA

as seen on Stack Overflow - Search for 'Stack Overflow'
Starting new project using EJB 3 / JPA, mainly stateless session beans and batch jobs. I've used JUnit in the past on standard Java webapps and it seemed to work pretty well. In EJB2 unit testing was a pain and required a running container such as JBoss to make the calls into. Now that we're going… >>> More
Problem in creation MDB Queue connection at Jboss StartUp

as seen on Stack Overflow - Search for 'Stack Overflow'
I am not able to create a Queue connection in JBOSS4.2.3GA Version & Java1.5, as I am using MDB as per the below details. I am putting this MDB in a jar file(named utsJar.jar) and copied it in deploy folder of JBOSS, In the test env. this MDB works well but in another env. [ env settings and… >>> More