I have been trying the implement security for my web service and started studying some URL about securing web service. Based on my study, I found that there are 2 levels of security: Transport level and Message level. Transport level is to make the HTTP protocol to HTTPS and Message level is to implement Username & password for each web service request. I googled enough to get an example to understand how to implement it for my application, however, I found is different for each framework like CXF, AXIS,etc and its confusing. Can someone please guide me how to implement the security for web services?
WS-Security (which describes encryption, signing and authentication) is a standard that works the same for SOAP generated by all SOAP stacks. What is different is how it is configured; the documentation of whichever stack you're using should talk about that.
Thank you very much for your response.! I'm new to this area. Can you suggest me how to implement HTTP basic message level authentication for CXF framework?