*
The moose likes Web Services Certification (SCDJWS/OCEJWSD) and the fly likes Usage of the Username Token Profile Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Certification » Web Services Certification (SCDJWS/OCEJWSD)
Bookmark "Usage of the Username Token Profile" Watch "Usage of the Username Token Profile" New topic
Author

Usage of the Username Token Profile

Christian Nicoll
Ranch Hand

Joined: Mar 09, 2008
Posts: 106
Hello Ranchers,

I've written a simple Hello World JAX-WS webservice. Now, I want to secure this service, so that only specific users (with username and password) can access this webserivce. My understandig is that the Username Token Profile is here the right utility to implement this.

Until now, I've used Eclipse to build the service and I've use a bottom-up approach, so that I've just write my Java classes and annotated them. The wsdl-file is generated when I deploy my service to my server. I've searched for annotations - or something like this - which gives me the possibility to add the security features to my Java classes, but I've don't find anything.

It seams to me, that the bottom-up approach can't solve this problem, and that I've to deal directly now with the WSDL-file. Is this correct, or am I on the wrong side of the street ?

Greeting,
Christian

SCJP 5, SCJD 5, SCWCD 5, SCBCD 5, SCJDWS 5
My SCBCD-Notes - My Hello World Webservice
udaykumar maddigatla
Ranch Hand

Joined: Feb 03, 2009
Posts: 69
Hi

May be you can make your web service as EJB session bean and add the annotation like @ RolesAllowed.

This is same as presenting the BASIC LEVEL Authentication with servlets.

Please skip the above suggession, if you don't like.


SCJP 5.0(84%), SCWCD 5.0(97%), SCDJWS 5.0(98%)
Dan Drillich
Ranch Hand

Joined: Jul 09, 2001
Posts: 1167
Right, as Udaykumar suggested, you might consider using the HTTP BASIC authentication. It really depends how secure the service should be ...

Please have a look at JAX-WS and BASIC authentication, when user names and passwords are in a database.

Regards,
Dan


William Butler Yeats: All life is a preparation for something that probably will never happen. Unless you make it happen.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41039
    
  43
No, you really shouldn't be using Basic Authentication; WS-Security (with a Username Token) is the way to go.

Unfortunately, WS-Security isn't integrated with JAX-WS, so there aren't any annotations you can use to configure it. But if you're using the Metro stack, then you have everything you need to add WS-Security to JAX-WS; check its documentation for examples.


Ping & DNS - my free Android networking tools app
Bob Nedwor
hangman
Ranch Hand

Joined: Aug 17, 2005
Posts: 215

But if you're using the Metro stack, then you have everything you need..


Thanks, I think the Metro stack comes with Glassfish v3, is that correct?


Bob N
SCJP - 1.4
SCJD - (B&S) Used 1.5 And It Runs On Solaris10
SCWCD - Thanks to HFSJ!!
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41039
    
  43
I think the Metro stack comes with Glassfish v3, is that correct?

Yes.
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Usage of the Username Token Profile
 
Similar Threads
Sub Classes not getting generated in Jar
Web service and friendly URL.
I hope someone replies to this one
Webservice client code generation using axis2 and eclipse galilio
setting the endpoint url