• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

What does it mean "to secure a web service"

 
forums UseR
Ranch Hand
Posts: 169
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello fellow ranchers...,

I have created a simple web service that returns "hello, world" . I was told to secure this web service. Can anybody let me know

1. what does it mean "to secure a web service" ?

2. how to secure a web service (in my case "hello world" web service).

Thanks a lot!
 
William Brogden
Author and all-around good cowpoke
Rancher
Posts: 13058
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Web service security is WAY too big a topic to cover in one post - there are so many aspects to it - including:

Authentication of users
Encryption of contents
Secure transmission
Verification that contents have not been altered

I suggest you start reading with this Wikipedia article.

Bill
 
Ivan Krizsan
Ranch Hand
Posts: 2198
1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi!
Securing a web service means to add security measures to prevent one or more of the following:
1. Unauthorized access to the services of the web service.
2. Tampering of the data sent to and received from the web service.
3. Third party from reading the data sent to and received from the web service.

Examples of measures that can be taken to secure the web service (matching the requirements above):
1. Adding a login mechanism or requiring clients to present a security token from a trusted security service.
2. Checksumming all, or parts of, XML data sent to and received from the web service. XML Digital Signature.
3. Encrypt all or parts of the data going in and out of the web service.
The simplest way is using HTTPS, but then there are also XML Encryption which can encrypt part of a SOAP message.

For some pointers on this vast subject, take a look at this webpage: http://www.netbeans.org/kb/trails/java-ee.html
In the bottom right corner, there is a section named "Web Service Reliability and Security".
Best wishes!
 
forums UseR
Ranch Hand
Posts: 169
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks for replies. I expected it to be less painful

Is there a simplest scenario to secure a simple web service that takes 2 input strings, and outputs one string.
 
Ivan Krizsan
Ranch Hand
Posts: 2198
1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi!
The simplest scenario is to use basic authentication, as provided by the servlet container(?).
If you want to improve security, add on HTTPS.
This document contains, among a lot of other things, step-by-step tutorial describing how to accomplish the above:
http://faq.javaranch.com/content/Exam-Objectives-5.pdf
Best wishes!
 
forums UseR
Ranch Hand
Posts: 169
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
answered
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic