File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Security and the fly likes Webservice Security methods ? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Java Interview Guide this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "Webservice Security methods ?" Watch "Webservice Security methods ?" New topic

Webservice Security methods ?

Rahul Juneja
Ranch Hand

Joined: Aug 03, 2002
Posts: 425
I am planning to implement security on webservices. Whats the best way to do it ?

X.509 -- 10 webservices which needs to be verified for the client who accesses it, which can be done with certificates, but i don't have much idea about certificates. I have created a keystore with keytool now whats the next thing i need to do ? Is there any way i can create some internal certificates for my development purpose and then move to some certificate provider once moving to production ?

Also for implementing security on webservices can we create webservice handlers and implement the authentication or role based checks security in that. Are there any practical links where i can see step by step guide to implement security to a webservice.

Atlast any clues about certificates or any kind of webservice security links or guide is highly appreciated.

I have heard about WS-Security but was not able to find any easy guide to implementing one on any webservice. I am creating EJB3 webservices with annotations and deploying on jboss server.


Rahul Juneja
ThoughtClicks -
Ulf Dittmer

Joined: Mar 22, 2005
Posts: 42965
There are many facets to security. Are you solely interested in client certificates, or would other forms of authentication be acceptable as well? WS-Security also covers encryption and digital signing which might be if value.

A problem with the WS-Security standard is that there is no single way how to use it WS implementation. So using it with JBoss will be different from using it with Axis or Metro; you'll need to check the JBoss documentation for information on how to apply it.
Rahul Juneja
Ranch Hand

Joined: Aug 03, 2002
Posts: 425
I am thinking of implementing it with a combination of certificates and role based security.

Can you guide me to any specific links where i can find the sample implementation and i think it would be good if we can find a generic solution incase we port the webservices to a different server in future.

Also i am considering Oracle SOA suite and OracleAs for deploying webservices. Any specific hint to Oracle will also help me a lot.

Any help appreciated.

I agree. Here's the link:
subject: Webservice Security methods ?
It's not a secret anymore!