I've deployed a WSS using Axis2, but the issue is that me and neither the iPhone developer have an idea how the iPhone can consume the secured web service that has a .jks file and also uses a certificate.
So my question is...
Does anyone know how an iPhone can consume a secured web service in Java? by the way, Is security really necessary when the only client to consume my web service is gonna be mobile devices? if so... Is there another framework I can use to implement security into my web service and most importantly, make the iPhone able to consume it?
Thank you so much,
Hope to get your reply soon because I'm desperately looking for a solution...
Gregg Bolinger wrote:The iPhone SDK has no way of consuming web services that aren't RESTful, secure or insecure.
So you're saying that if I have a RESTful web service I wouldn't need to worry about security at all? if is that so... I would thank for the help and immediately start migrating my web service to use RESTful!
No, that's not what I said. You should always worry about security. I was just saying that security was a moot point since the SDK can't consume your services regardless. I'd recommend moving to RESTful in most situations these days also.
Joined: Jan 22, 2009
Gregg Bolinger wrote:No, that's not what I said. You should always worry about security. I was just saying that security was a moot point since the SDK can't consume your services regardless. I'd recommend moving to RESTful in most situations these days also.
Ohhh OK.. Thanks for the quick reply! so I'm gonna start migrating my web service to use RESTful... I've seen that axis can now deploy RESTful web services... so, what would you recommend me to use? stick with Axis2 or there's a better and more simple framework that I can work with?
hmmm.. one last question... does secure RESTful web services also need a jks file and a certificate to make it work properly or the security is all made programaticaly???
If axis2 does what you need, I see no reason to switch. I have been doing most of my RESTful work within Grails so I can't recommend anything right now. As far as security goes, my general use case is SSL with a cert, obviously. The rest of the security lies within my application code. Locking down URL's via spring security (what was acegi).
The last time I looked, the Axis2 implementation of RESTful services was an gross kludge on top of SOAP, incapable of handling the finer points of REST. You should take a serious look at the Jersey project.
Joined: Jan 22, 2009
Thank you guys for the amazing support! I'll definitely take a good look at the Jersey project before starting out with axis2... I've got some problems with it while trying to enable axis2 to use RESTful services, so that's one of the reasons why I'm gonna read Jersey's documentation before actually start deploying RESTful on my service using axis2.