What are the best ways to provide secure communication between two web applications? Here the communication is uni-directional, i.e. the ABC web app can communicate with the XYZ web app, not the other way around, and XYZ should trust the requests that are coming in from ABC. This communication must be very secure.
I know some ways to achieve this, like using web services (JAX-RPC or JAX-WS, SOAP, REST, AIX1 or AIX2), JMS Queues/Topics or a simple Servlet.
Other than the above, are there any better ways to achieve this, like writing our own distributional API and sharing it with the other (for example twitter4j)?
If these are the only ways, then please let me know which one is the best one?
Thanks in advance.....
Pawan Komaram
Ranch Hand
Joined: Dec 08, 2009
Posts: 91
Is there anyone who can help me on this?
Tim Moores
Rancher
Joined: Sep 21, 2011
Posts: 2407
Not sure what "AIX1/2" is, but anything HTTP-based seems natural for a web app. Have you looked into REST libraries like Jersey?
Pawan Komaram
Ranch Hand
Joined: Dec 08, 2009
Posts: 91
I am sorry, I was referring to AXIS1/2. I have seen REST libraries as well, but I am not sure which one to use.
This communication must be very secure, i.e. the data flowing from website ABC to XYZ must be encrypted. What kind of approach can I use for that?
Tim Moores
Rancher
Joined: Sep 21, 2011
Posts: 2407
The easiest way to encrypt data over an HTTP connection is to use HTTPS.
William Brogden
Author and all-around good cowpoke
Rancher
Joined: Mar 22, 2000
Posts: 12267
Exactly where are these two applications located?
1. Same server instance
2. Same physical machine, different servers
3. LocalAreaNetwork?
4. different planets....etc etc
These two applications are located on two different server machines, and they are on the internet. The scenario is something like this.
There is an insurance provider who wants to give access to secured pages to users of third party websites which act as agents for the insurance provider for selling their policies.
If a user bought a policy through a third party website, when he logs into that site and wants to see the policy details, which are present on the insurance provider's site, that user must be redirected to the policy details page of the insurance provider's website without any login prompt or anything.
The insurance provider does this only if it trusts the source of the request, and whatever data is transmitted between these websites must be encrypted.
William Brogden
Author and all-around good cowpoke
Rancher
Joined: Mar 22, 2000
Posts: 12267
Given the requirement for authentication and encryption, I would say that a SOAP style server and client will do the trick.
No, here the user must be redirected to the insurance provider's website, but in case of a web service request, I would get the response to my website and can display the details in my website only; the requirement is not that! The information must flow in one direction, i.e. from the third party website to the provider's website; thereafter the user will be browsing in that website only. I should allow only the users that are coming from selected and trusted third party websites.
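
One way to let XYZ trust a browser redirect coming from ABC, shown as an added example that is not part of any post in this thread: ABC attaches a short-lived HMAC-signed token to the HTTPS redirect URL, and XYZ verifies it before creating a session. The class name, the token layout, the pre-shared key and the 60-second window are all assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// Hypothetical helper: ABC calls issue(), XYZ calls verify(); both hold the same secret key.
public class RedirectToken {
    static final long MAX_AGE_SECONDS = 60; // assumed validity window

    static byte[] hmac(byte[] key, String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }

    // ABC side: bind issuer, user id and issue time, then sign. Ids must not contain '|'.
    static String issue(byte[] key, String issuer, String userId, long now) throws Exception {
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        String payload = enc.encodeToString((issuer + "|" + userId + "|" + now).getBytes(StandardCharsets.UTF_8));
        return payload + "." + enc.encodeToString(hmac(key, payload));
    }

    // XYZ side: returns the user id, or null if the token is forged, malformed or stale.
    static String verify(byte[] key, String expectedIssuer, String token, long now) throws Exception {
        String[] parts = token.split("\\.");
        if (parts.length != 2) return null;
        byte[] sig; String[] fields;
        try {
            sig = Base64.getUrlDecoder().decode(parts[1]);
            fields = new String(Base64.getUrlDecoder().decode(parts[0]), StandardCharsets.UTF_8).split("\\|");
        } catch (IllegalArgumentException e) { return null; }
        // Constant-time signature check, done before any field is trusted.
        if (!MessageDigest.isEqual(hmac(key, parts[0]), sig)) return null;
        if (fields.length != 3 || !fields[0].equals(expectedIssuer)) return null;
        long age;
        try { age = now - Long.parseLong(fields[2]); } catch (NumberFormatException e) { return null; }
        return (age < 0 || age > MAX_AGE_SECONDS) ? null : fields[1];
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key-not-for-production".getBytes(StandardCharsets.UTF_8);
        long now = System.currentTimeMillis() / 1000;
        String token = issue(key, "ABC", "user-42", now); // constructed sample values
        System.out.println(verify(key, "ABC", token, now + 5));       // user-42
        System.out.println(verify(key, "ABC", token + "x", now + 5)); // null: signature altered
        System.out.println(verify(key, "ABC", token, now + 600));     // null: expired
    }
}
```

A token like this can still be replayed inside its validity window, so XYZ would also record each accepted token and refuse a second use.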