*
The moose likes Web Services and the fly likes What does it mean Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Java » Web Services
Bookmark "What does it mean "to secure a web service" " Watch "What does it mean "to secure a web service" " New topic
Author

What does it mean "to secure a web service"

forums UseR
Ranch Hand

Joined: Feb 24, 2009
Posts: 169
Hello fellow ranchers...,

I have created a simple web service that returns "hello, world" . I was told to secure this web service. Can anybody let me know

1. what does it mean "to secure a web service" ?

2. how to secure a web service (in my case "hello world" web service).

Thanks a lot!
William Brogden
Author and all-around good cowpoke
Rancher

Joined: Mar 22, 2000
Posts: 12756
    
    5
Web service security is WAY too big a topic to cover in one post - there are so many aspects to it - including:

Authentication of users
Encryption of contents
Secure transmission
Verification that contents have not been altered

I suggest you start reading with this Wikipedia article.

Bill
Ivan Krizsan
Ranch Hand

Joined: Oct 04, 2006
Posts: 2198
    
    1
Hi!
Securing a web service means to add security measures to prevent one or more of the following:
1. Unauthorized access to the services of the web service.
2. Tampering of the data sent to and received from the web service.
3. Third party from reading the data sent to and received from the web service.

Examples of measures that can be taken to secure the web service (matching the requirements above):
1. Adding a login mechanism or requiring clients to present a security token from a trusted security service.
2. Checksumming all, or parts of, XML data sent to and received from the web service. XML Digital Signature.
3. Encrypt all or parts of the data going in and out of the web service.
The simplest way is using HTTPS, but then there are also XML Encryption which can encrypt part of a SOAP message.

For some pointers on this vast subject, take a look at this webpage: http://www.netbeans.org/kb/trails/java-ee.html
In the bottom right corner, there is a section named "Web Service Reliability and Security".
Best wishes!
forums UseR
Ranch Hand

Joined: Feb 24, 2009
Posts: 169
Thanks for replies. I expected it to be less painful

Is there a simplest scenario to secure a simple web service that takes 2 input strings, and outputs one string.
Ivan Krizsan
Ranch Hand

Joined: Oct 04, 2006
Posts: 2198
    
    1
Hi!
The simplest scenario is to use basic authentication, as provided by the servlet container(?).
If you want to improve security, add on HTTPS.
This document contains, among a lot of other things, step-by-step tutorial describing how to accomplish the above:
http://faq.javaranch.com/content/Exam-Objectives-5.pdf
Best wishes!
forums UseR
Ranch Hand

Joined: Feb 24, 2009
Posts: 169
answered
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: What does it mean "to secure a web service"
 
Similar Threads
what is "Proxy"?
Propagating client identity
Help with Unexpected end of file from server
Sending requests in xml
Implementing Web Service Secutity