File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Web Services and the fly likes Security Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Web Services
Bookmark "Security" Watch "Security" New topic
Author

Security

sue gari
Greenhorn

Joined: Nov 03, 2010
Posts: 10
I have just started learning webservices. Can you guide me as to how to implement security in SOAP. Also which is better top down or bottom up approach. Any documentation in this regard is greatly appreciated. Thanks,
Tim Moores
Rancher

Joined: Sep 21, 2011
Posts: 2408
That's the realm of WS-Security, which is implemented by all major SOAP stacks. It covers both authentication (username/password) and encryption. The documentation of whichever SOAP stack you're using should talk about it.
sue gari
Greenhorn

Joined: Nov 03, 2010
Posts: 10
Thank you for the reply. This is for applications within the company, do you think ws-security is better or SSL. Also do you think ws-security will be supported even in the future.

Tim Moores
Rancher

Joined: Sep 21, 2011
Posts: 2408
Yes, I think WS-Security is better (more flexible and more capable) than using HTTP security measures like Basic Digest authentication or SSL. It's supported by all major SOAP stacks and I see no reason why it wouldn't continue to be so as long as the SOAP stacks themselves are supported.
Jimmy Clark
Ranch Hand

Joined: Apr 16, 2008
Posts: 2187
SSL security mechanisms are at the Network layer. WS-Security is at the Message layer. Securing web services with SSL and without using WS-Security is a caveman approach, similar to trying to slice cheese with a chainsaw You will certainly be able to "cut the cheese" with a chainsaw, but... your code is sure to be smelly (for anything complex)


Below is a good starting point for web service security.

SOA Security
by Ramarao Kanneganti and Prasad A. Chodavarapu


http://www.manning.com/kanneganti/
 
Consider Paul's rocket mass heater.
 
subject: Security