This week's book giveaway is in the OCAJP 8 forum. We're giving away four copies of OCA Java SE 8 Programmer I Study Guide and have Edward Finegan & Robert Liguori on-line! See this thread for details.
I am new to web services , i have developed a small web service using jax-ws and i want clients of this web service to send user name and password in each soap message they send to my service , so how can i do that with https and basic authentication , is it the same as securing any web page or does it require any addiational stuff that i should know about .
I developed a small web service and I want the clients of this web service to send user name and password each time they access my web service. I'm not looking to encrypt the call (maybe in the future I will).
Here is an example of my web service...
I have a test client that accesses the web service, and effectly I get the following error, "The server sent HTTP status code 401: Unauthorized"
here is my client code...
I've been reading on the web about securing web services in JBoss, and I'm confused as to what I must do. I keep see that I need to add some stuff to web.xml, other sites I read mention jboss-web.xml. Where are these files located what do I have to add to these files? Also what do I need to do on the client side to access my secure web service?
Go to the JBoss in Action web site (link below) and grab the free chapter 9. That has everything you need to know about configuring web services. Even though the book is specific to AS 5.x, AS 4.x uses the same web services code (the versions are different but the configuration is the same). There is a whole section on securing web services.
I have read that chapter but I'm still confused as to what I need to do to secure my EJB web service. As I mentioned earlier, I've gotten to the point where my web service is secure (thanks to the info I got in the JBoss in Action book), I even secured the WSDL file using the following lines of code...
So now even when I try to view the WSDL file, I get prompted for a user name and password. My question is, where do I assign this user name and password in JBoss? Reading on the web I keep seeing various articles mention xml files such as web.xml, jbossws.xml and ejb-jar.xml. Do I add the user name and password to one of these files? Keep in mind my web service is an EJB and not a web application so I don't have a web.xml or jbossws.xml, so where do I add the user name and password?
Steve wrote: My question is, where do I assign this user name and password in JBoss?
JBoss in Action, pg 252, Securing the EJB Web Service wrote: Finally, the value element of the @SecurityDomain annotation identifies the
name of the login module used (3).
The login module determines where and how the username and password are specified within JBoss AS. The example in the book uses properties files in server/xxx/conf/props. So what is the definition of PatientDemoWS in login-config.xml?