• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Usage of the Username Token Profile

 
Christian Nicoll
Ranch Hand
Posts: 106
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello Ranchers,

I've written a simple Hello World JAX-WS webservice. Now, I want to secure this service, so that only specific users (with username and password) can access this webserivce. My understandig is that the Username Token Profile is here the right utility to implement this.

Until now, I've used Eclipse to build the service and I've use a bottom-up approach, so that I've just write my Java classes and annotated them. The wsdl-file is generated when I deploy my service to my server. I've searched for annotations - or something like this - which gives me the possibility to add the security features to my Java classes, but I've don't find anything.

It seams to me, that the bottom-up approach can't solve this problem, and that I've to deal directly now with the WSDL-file. Is this correct, or am I on the wrong side of the street ?

Greeting,
Christian
 
udaykumar maddigatla
Ranch Hand
Posts: 69
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi

May be you can make your web service as EJB session bean and add the annotation like @ RolesAllowed.

This is same as presenting the BASIC LEVEL Authentication with servlets.

Please skip the above suggession, if you don't like.
 
Dan Drillich
Ranch Hand
Posts: 1183
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Right, as Udaykumar suggested, you might consider using the HTTP BASIC authentication. It really depends how secure the service should be ...

Please have a look at JAX-WS and BASIC authentication, when user names and passwords are in a database.

Regards,
Dan
 
Ulf Dittmer
Rancher
Pie
Posts: 42966
73
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
No, you really shouldn't be using Basic Authentication; WS-Security (with a Username Token) is the way to go.

Unfortunately, WS-Security isn't integrated with JAX-WS, so there aren't any annotations you can use to configure it. But if you're using the Metro stack, then you have everything you need to add WS-Security to JAX-WS; check its documentation for examples.
 
Bob Nedwor
hangman
Ranch Hand
Posts: 215
Eclipse IDE Oracle Ubuntu
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
But if you're using the Metro stack, then you have everything you need..


Thanks, I think the Metro stack comes with Glassfish v3, is that correct?
 
Ulf Dittmer
Rancher
Pie
Posts: 42966
73
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I think the Metro stack comes with Glassfish v3, is that correct?

Yes.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic