This week's book giveaway is in the OO, Patterns, UML and Refactoring forum.
We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line!
See this thread for details.
The moose likes Web Services and the fly likes Web Services Security using SAML v2.0 and XACML Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

JavaRanch » Java Forums » Java » Web Services
Bookmark "Web Services Security using SAML v2.0 and XACML" Watch "Web Services Security using SAML v2.0 and XACML" New topic

Web Services Security using SAML v2.0 and XACML

Avijeet Ghosh

Joined: May 27, 2011
Posts: 1

We are building a series of web services as a part of Web Services Layer for a project. In this regard, if anyone can help me with the following scenario through the links to the defined tutorial or code snippets and steps that will be of great help:

Technology Stack proposed: Axis 2.0, Rampart, XACML, WebSphere 7.0

1. The Client will call a SOAP based web service over https. After the database authentication, the client will be issued a SAML v2.0 token with identity assestion and a role corresponding to the user. This token will be returned to the client.
2. The client will subsequently call the other web services. All this services will be bounded with a secure policy expecting the SAML token.
3. After the token authentication, the role should be checked at the individual service method level for the authentication. If the role does not match, the service should return an UnAuthorized exception to the user.

I am searching for a good example or tutorial but in vain.Kindly help me with the same.

Thanks and Regards,
I’ve looked at a lot of different solutions, and in my humble opinion Aspose is the way to go. Here’s the link:
subject: Web Services Security using SAML v2.0 and XACML
jQuery in Action, 3rd edition