designing security for soa applications

Joe Robles
Greenhorn

Joined: Jan 13, 2009
Posts: 11
Hi all,

I am working on a service that is part of many services in a large SOA architecture based enterprise application. My service is a POJO based application that is deployed on WebLogic server and uses Spring for autowiring the components.
The clients of this service are other services. There are webservices, RMI and socket based clients. The webservices clients are of two types - SOAP and simple HTTP URL based XML requests. The requirement is to design security to my service that is independent of the client request type.
The service is supposed to process a quarter million requests per day and 99% of them are simple HTTP requests.

The requirement is to design security to my service that is independent of the client request types.

The high level requirements are:

a) The security implementation must not be tied to a particular tool/technology as far as possible, in case the service needs to be deployed on a different vendor specific application server.

b) Some client applications/services send user credentials and some do not; how to design security in terms of authentication, authorization and access control that handles both the cases.

c) How to implement security specific to webservices which MUST be common to SOAP and simple HTTP requests.

I am new to security and webservices. I did some homework and came across digital certificates in case of authorization and filters for common security for SOAP and simple HTTP/REST like requests.
But I do not have enough information to have a head start in terms of technologies, design and implementation.

Thus any pointers related to my problem domain in terms of security patterns/web site URLs/books/technologies/examples would be HIGHLY appreciated.

Thank you in advance for your valuable time and interest.
 