File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Web Services and the fly likes Web services security implementation question Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Web Services
Bookmark "Web services security implementation question" Watch "Web services security implementation question" New topic
Author

Web services security implementation question

Dhiren Joshi
Ranch Hand

Joined: Dec 09, 2003
Posts: 463
Hi All ,
I have a webservices inside a firewall that needs to be accessed by the DMZ servers ..
The firewall can only be crossed using message queues as no other ports are exposed. I can not make a direct connection to the SOAP services.
I have an application which already does reading of message queues and calling the web services inside the firewall. Web services security is not in place yet.
My question is that if I implement web services security can I still go this route across the firewall or do I need to call a web services directly . Does web services security require that only directly calling SOAP services can have web service security. If there is a in between proxy will the encrptyed info still remain intact when sent across as message.
Thanks
DJ
Lasse Koskela
author
Sheriff

Joined: Jan 23, 2002
Posts: 11962
    
    5
You'd have to specify what kind of "web services security" you're talking about. If the security comes from encryption in the transport layer (HTTPS), you'll need to intercept the requests and proxy them to the actual web service implementation through the message queue. If the security element is embedded into your SOAP envelopes (Digital Signatures and XML-Encryption), you shouldn't need to do anything extra because to an outsider (such as the message queue), the encrypted messages look just like any other SOAP envelope.


Author of Test Driven (2007) and Effective Unit Testing (2013) [Blog] [HowToAskQuestionsOnJavaRanch]
Dhiren Joshi
Ranch Hand

Joined: Dec 09, 2003
Posts: 463
Thanks for the quick response.
I want to implement security at the transport layer as well as the SOAP envelope.
If I do that. Does the transport layer handle the decrpytion encrytion similarly to a normal https request. I get that since SOAP envelope would not interfere at transport level ..it should behave similar to a https protocol whether to a servlet or to webservices.
Also I am slightly confused about the SOAP envelope implementation if I do thru the message queue.
The web service proxy client which sends the request over to the DMZ message queue .. will that need to have any extra implementations over a normal SOAP proxy.
Thanks
Dhiren
Lasse Koskela
author
Sheriff

Joined: Jan 23, 2002
Posts: 11962
    
    5
I'm unable to guide you with the proxy implementation. However, if you're working with WebSphere Network Deployment Edition and WebSphere MQ, you should be able to use a component called Web Services Gateway.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Web services security implementation question