I have a web service running in Standard Edition 1.6 on a server. There isn`t a full app server nor is it required except for exposing some functionality.
I decided to use the built in web service container in 1.6 and this is running quite flawlessly. The problem is security, i`m not even sure how to implement it nor if it is possible in 1.6.
Any ideas or someone who has done this before? I need some kind of auth based roles or user/pass access?
Now there is one real problem with all of the above - all the security measures are HTTP based. Web service security measures are supposed to be XML and SOAP based. The JAX-WS RI doesn't support WS-Security out of the box and needs at least the XWSS, possibly even the WSIT extension which I doubt will work on the Lightweight HttpServer - you'll probably have to go with a container like Tomcat or better.