Win a copy of Mesos in Action this week in the Cloud/Virtualizaton forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Username and password security for webservices using JAX WS

 
Ravi Kiran Va
Ranch Hand
Posts: 2234
Eclipse IDE Firefox Browser Redhat
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi ,

Is @Polcies annotation is specific to weblogic server only ??
Cant we use that if we dont use weblogic server ??

Basically i just want to provide username and password security to my webservice , how can we do this if we are using server other than weblogic .

Please help

Thanks in advance .


 
Hany Shafik
Ranch Hand
Posts: 80
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
To answer your first question I believe it is yes as it belongs to the package weblogic.jws.Policies, so it isn't possible to use it outside Weblogic.
As I know currently JAX-WS doesn't support WS-Security, so there is no standard API or annotations that you can use or rely on.
However it is preferred to can use an XML deployment descriptor provided by your application server instead of using annotation in order to have your code portable between different application servers, as currently many application servers support WS-Security but in different manners.
 
Ivan Krizsan
Ranch Hand
Posts: 2198
1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi!
I am of the strong impression that JAX-WS does indeed support WS-Security.
This can be configured using WS-Policy in the service WSDL and, dropping certain Metro libraries in on the client side, the client automatically recognizes and honors the WS-Policy declarations.
Best wishes!
 
Ulf Dittmer
Rancher
Posts: 42967
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ivan Krizsan wrote:I am of the strong impression that JAX-WS does indeed support WS-Security.

It would be more accurate to say that Metro supports WS-Security; it's perfectly possible to implement JAX-WS w/o WS-Security - the JAX-WS RI is an example of that.
 
Hany Shafik
Ranch Hand
Posts: 80
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I couldn't find any part in the JAX-WS 2.2 jsr224 specification that says anything about WS-Security, that is why I concluded this answer.
I think Metro supports WS-Security among other WS-* specifications as part of the WSIT project (Web Services Interoperability Technologies), which doesn't have a corresponding jsr. Also as I understand from Metro samples that you use a configuration file named wsit-package.service.xml that resembles a normal WSDL file to configure the required polices
 
Ravi Kiran Va
Ranch Hand
Posts: 2234
Eclipse IDE Firefox Browser Redhat
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi ,
Ulf welcome back . its nice to see you back

After deploying my JAX WS Application in weblogic , i am providing security by configuring WS_policy Tab and suppllying it a default http-UsernameToken.xml file

What is the username and password for the above and how can we supply our own parameters .

Thanks .
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic