Securing a web service means to add security measures to prevent one or more of the following:
1. Unauthorized access to the services of the web service.
2. Tampering of the data sent to and received from the web service.
3. Third party from reading the data sent to and received from the web service.
Examples of measures that can be taken to secure the web service (matching the requirements above):
1. Adding a login mechanism or requiring clients to present a security token from a trusted security service.
2. Checksumming all, or parts of, XML data sent to and received from the web service. XML Digital Signature.
3. Encrypt all or parts of the data going in and out of the web service.
The simplest way is using HTTPS, but then there are also XML Encryption which can encrypt part of a SOAP message.
Thanks for replies. I expected it to be less painful
Is there a simplest scenario to secure a simple web service that takes 2 input strings, and outputs one string.
Joined: Oct 04, 2006
The simplest scenario is to use basic authentication, as provided by the servlet container(?).
If you want to improve security, add on HTTPS.
This document contains, among a lot of other things, step-by-step tutorial describing how to accomplish the above:
http://faq.javaranch.com/content/Exam-Objectives-5.pdf Best wishes!
Joined: Feb 24, 2009
subject: What does it mean "to secure a web service"