File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Security

 
sue gari
Greenhorn
Posts: 10
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have just started learning webservices. Can you guide me as to how to implement security in SOAP. Also which is better top down or bottom up approach. Any documentation in this regard is greatly appreciated. Thanks,
 
Tim Moores
Bartender
Pie
Posts: 2488
4
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
That's the realm of WS-Security, which is implemented by all major SOAP stacks. It covers both authentication (username/password) and encryption. The documentation of whichever SOAP stack you're using should talk about it.
 
sue gari
Greenhorn
Posts: 10
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thank you for the reply. This is for applications within the company, do you think ws-security is better or SSL. Also do you think ws-security will be supported even in the future.

 
Tim Moores
Bartender
Pie
Posts: 2488
4
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yes, I think WS-Security is better (more flexible and more capable) than using HTTP security measures like Basic Digest authentication or SSL. It's supported by all major SOAP stacks and I see no reason why it wouldn't continue to be so as long as the SOAP stacks themselves are supported.
 
Jimmy Clark
Ranch Hand
Posts: 2187
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
SSL security mechanisms are at the Network layer. WS-Security is at the Message layer. Securing web services with SSL and without using WS-Security is a caveman approach, similar to trying to slice cheese with a chainsaw You will certainly be able to "cut the cheese" with a chainsaw, but... your code is sure to be smelly (for anything complex)


Below is a good starting point for web service security.

SOA Security
by Ramarao Kanneganti and Prasad A. Chodavarapu


http://www.manning.com/kanneganti/
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic