File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Web Services and the fly likes Web Servives security Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Java » Web Services
Bookmark "Web Servives security" Watch "Web Servives security" New topic
Author

Web Servives security

K Kiran Kumar
Ranch Hand

Joined: Jan 04, 2006
Posts: 109
Hi,

I am using RAD 8 and WAS 8 for my application development. I exposed a method as a web service, generated WSDL, then clients and was able to access the web services using the client classes.

I want to impose security constraints on my web service because people who knows my WSDL and who are in my network can use my web services.
Could some one please explain me how to impose security constraints (Username Tokens) for my web service at the PRODUCER side in WebSphere server. I tried googling many links and unfortunately I didnot find a good URL to suffice my requirement. I guess there is some configuration required at the Admin console. NOt sure what it is....

I know how to access the WS from the client (CONSUMER) side. I just need to add the following in the header in my SOAP input request to access web services.

Regards,
Kiran.
Jimmy Clark
Ranch Hand

Joined: Apr 16, 2008
Posts: 2187
The following is an excellent resouce with well-written exercises.

SOA Security
by Ramarao Kanneganexti and Prasad A. Chodavarapu

http://www.manning.com/kanneganti/

Enjoy!
K Kiran Kumar
Ranch Hand

Joined: Jan 04, 2006
Posts: 109
Hi Jimmy - I appreciate your response. Unfortunately the URL you provided was based on Apache axis and using Tomcat server. When it come to Websphere, the concepts remain the same but the way web services are configured will differ i.e., we can configure the security in the Admin console by creating tokens and binding them to application. I am more interested in finding out the same.
Regards,
Kiran.
Tim Moores
Rancher

Joined: Sep 21, 2011
Posts: 2408
WebSphere being a commercial product, I think it should have documentation or a web site -possibly with support forums- that explains such details. Not so?
K Kiran Kumar
Ranch Hand

Joined: Jan 04, 2006
Posts: 109
Tim - you are correct. WebSphere - IBM has documentation. I had been to many URL's and in none of the URL's the solution is not complete. There is no real time end to end configuration/setting in a single link.... I almost spent 2 days searching for the same and I failed to find a good link to my problem. It may be either I am not good at searching or the documentation is awful...

Regards,
Kiran.
H Paul
Ranch Hand

Joined: Jul 26, 2011
Posts: 471
    
    4
Trust but verify.


1. GOOGLE:
- WS-POLICY and WS-POLICY attachment.
- Rational Application Developer for WebSphere Software V8 Programming Guide

2. Getting started for Server Side: I once played with:

If you have access to Admin console, you should see:

a. Service link > Policy Set > Application policy sets
This is where you clone 1 of the existing/predefined WS-POLICY.
Then customize/remove every thing except what you wanted, which is UNT

b. Service link > Policy Set > General provider policy set bindings

This is where you clone 1 of the existing/predefined WS-POLICY BINDING
Then customize/remove every thing except what you wanted, which is UNT

c. Service link > Service providers > YOUR WEBSERVICE > Policy Set Attachments

You should see/use to do policy attachment
1. Attach Policy Set
2. Assign Binding


3. More: IBM Websphere Forum
Jimmy Clark
Ranch Hand

Joined: Apr 16, 2008
Posts: 2187
IBM consultants come with a hourly price. They could surely help you implement security. If the Websphere online documentation was comprehensive, easy to search, and readily available, there might not be a need to hire their consultants. There is a potential conflict of interest between offering technical consulting services and publishing effective and concise information for free. However, they have to offer some information to assist with marketing and such. Whether it is complete, accurate or helpful is another story.

When you make the decision to use a commercial product, what I mentioned above is what you decided upon.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Web Servives security