Usage of the Username Token Profile

 
Ranch Hand
Posts: 132
Hello Ranchers,

I've written a simple Hello World JAX-WS web service. Now I want to secure this service, so that only specific users (with username and password) can access this web service. My understanding is that the Username Token Profile is the right utility here to implement this.

Until now, I've used Eclipse to build the service and I've used a bottom-up approach, so I've just written my Java classes and annotated them. The WSDL file is generated when I deploy my service to my server. I've searched for annotations, or something like them, which would give me the possibility to add the security features to my Java classes, but I haven't found anything.

It seems to me that the bottom-up approach can't solve this problem, and that I now have to deal directly with the WSDL file. Is this correct, or am I on the wrong side of the street?

Greetings,
Christian
 
Ranch Hand
Posts: 69
Hi

Maybe you can make your web service an EJB session bean and add an annotation like @RolesAllowed.

This is the same as presenting the BASIC LEVEL Authentication with servlets.

Please skip the above suggestion if you don't like it.
 
Ranch Hand
Posts: 1183
Right, as Udaykumar suggested, you might consider using the HTTP BASIC authentication. It really depends how secure the service should be ...

Please have a look at JAX-WS and BASIC authentication, when user names and passwords are in a database.

Regards,
Dan
 
Rancher
Posts: 43081
No, you really shouldn't be using Basic Authentication; WS-Security (with a Username Token) is the way to go.

Unfortunately, WS-Security isn't integrated with JAX-WS, so there aren't any annotations you can use to configure it. But if you're using the Metro stack, then you have everything you need to add WS-Security to JAX-WS; check its documentation for examples.
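
Added example (not part of the thread and not Metro's code): a JDK-only check of what a Username Token carries in its PasswordDigest form, Base64(SHA-1(nonce + created + password)), with freshness and replay checks. The class name, user store, five-minute window and sample header are constructed assumptions.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.*;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;

public class UsernameTokenCheck {
    static final String WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    static final Map<String, String> USERS = Map.of("christian", "constructed-password"); // hypothetical store
    static final Set<String> SEEN_NONCES = ConcurrentHashMap.newKeySet(); // replay cache, unbounded in this sketch
    static final Duration MAX_AGE = Duration.ofMinutes(5); // assumed freshness window
    // Password_Digest = Base64(SHA-1(decoded nonce + created + password))
    static String digest(String nonceB64, String created, String password) throws Exception {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(Base64.getDecoder().decode(nonceB64));
        sha1.update((created + password).getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(sha1.digest());
    }
    static String text(Document d, String ns, String name) {
        return d.getElementsByTagNameNS(ns, name).item(0).getTextContent().trim();
    }
    static boolean accept(String headerXml, Instant now) {
        try {
            DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
            f.setNamespaceAware(true);
            f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTDs, no XXE
            Document d = f.newDocumentBuilder().parse(new ByteArrayInputStream(headerXml.getBytes(StandardCharsets.UTF_8)));
            String nonce = text(d, WSSE, "Nonce"), created = text(d, WSU, "Created");
            String password = USERS.get(text(d, WSSE, "Username"));
            if (password == null) return false; // unknown user
            if (Duration.between(Instant.parse(created), now).abs().compareTo(MAX_AGE) > 0) return false; // stale
            byte[] expected = digest(nonce, created, password).getBytes(StandardCharsets.US_ASCII);
            byte[] sent = text(d, WSSE, "Password").getBytes(StandardCharsets.US_ASCII);
            // constant-time compare first, then record the nonce so a replay is refused
            return MessageDigest.isEqual(expected, sent) && SEEN_NONCES.add(nonce);
        } catch (Exception e) { return false; } // malformed or incomplete token
    }
    public static void main(String[] args) throws Exception {
        String created = "2024-01-01T12:00:00Z"; // constructed sample values
        String nonce = Base64.getEncoder().encodeToString("constructed-nonce".getBytes(StandardCharsets.UTF_8));
        String xml = "<wsse:Security xmlns:wsse='" + WSSE + "' xmlns:wsu='" + WSU + "'><wsse:UsernameToken>"
            + "<wsse:Username>christian</wsse:Username><wsse:Password>" + digest(nonce, created, "constructed-password")
            + "</wsse:Password><wsse:Nonce>" + nonce + "</wsse:Nonce><wsu:Created>" + created
            + "</wsu:Created></wsse:UsernameToken></wsse:Security>";
        Instant now = Instant.parse("2024-01-01T12:01:00Z");
        System.out.println(accept(xml, now) + " " + accept(xml, now)); // first use, then the same nonce again
    }
}
```

The digest form needs the server to know the clear-text password, and the token does not protect the message body, so the service still needs TLS or message signing.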
 
hangman
Posts: 220

But if you're using the Metro stack, then you have everything you need..



Thanks, I think the Metro stack comes with Glassfish v3, is that correct?
 
Ulf Dittmer
Rancher
Posts: 43081

I think the Metro stack comes with Glassfish v3, is that correct?


Yes.
 